AWS redshift documentation change
Summary
Added database/schema qualification syntax and federated permissions reference
Security assessment
Extends RLS policy detachment syntax for federated environments. Updates security feature documentation without evidence of vulnerability fixes.
Diff
diff --git a/redshift/latest/dg/r_DETACH_RLS_POLICY.md b/redshift/latest/dg/r_DETACH_RLS_POLICY.md index d89eac069..fb056ce1f 100644 --- a//redshift/latest/dg/r_DETACH_RLS_POLICY.md +++ b//redshift/latest/dg/r_DETACH_RLS_POLICY.md @@ -18,2 +18,8 @@ Superusers and users or roles that have the `sys:secadmin` role can detach a pol - DETACH RLS POLICY _policy_name_ ON [TABLE] _table_name_ [, ...] - FROM { _user_name_ | ROLE _role_name_ | PUBLIC } [, ...] + DETACH RLS POLICY + { + policy_name ON [TABLE] table_name [, ...] + | database_name.policy_name ON [TABLE] database_name.schema_name.table_name [, ...] + } + FROM { user_name | ROLE role_name | PUBLIC } [, ...]; + + @@ -28 +34,4 @@ The name of the policy. -ON [TABLE] _table_name_ [, ...] +database_name + + +The name of the database where the policy and the relation are created. The policy and the relation needs to be on the same database. The database can be the connected database or a database that supports Amazon Redshift federated permissions. @@ -29,0 +39 @@ ON [TABLE] _table_name_ [, ...] +schema_name @@ -31 +41,7 @@ ON [TABLE] _table_name_ [, ...] -The table or view that the row-level security policy is detached from. + +The name of the schema the relation belongs to. + +table_name + + +The relation that the row-level security policy is attached to. @@ -37,0 +54,2 @@ Specifies whether the policy is detached from one or more specified users or rol +For the usage of DETACH RLS POLICY on Amazon Redshift Federated Permissions Catalog, see [ Managing access control with Amazon Redshift federated permissions](https://docs.aws.amazon.com/redshift/latest/dg/federated-permissions-managing-access.html). +