AWS Security ChangesHomeSearch

AWS sagemaker-unified-studio documentation change

Service: sagemaker-unified-studio · 2026-03-13 · Documentation low

File: sagemaker-unified-studio/latest/userguide/datazone-data-lineage-permissions.md

Summary

Added 'datazone:QueryGraph' permission requirement and rephrased note about managed policy inclusion

Security assessment

Clarifies required permissions for accessing data lineage features but doesn't address a specific vulnerability. Enhances documentation about existing security controls.

Diff

diff --git a/sagemaker-unified-studio/latest/userguide/datazone-data-lineage-permissions.md b/sagemaker-unified-studio/latest/userguide/datazone-data-lineage-permissions.md
index 9402abd26..fa13b4898 100644
--- a//sagemaker-unified-studio/latest/userguide/datazone-data-lineage-permissions.md
+++ b//sagemaker-unified-studio/latest/userguide/datazone-data-lineage-permissions.md
@@ -16,0 +17 @@ Permissions on following actions are needed to view lineage graph:
+  * `datazone:QueryGraph`
@@ -20 +21,2 @@ Permissions on following actions are needed to view lineage graph:
-Both these are included in the `AmazonSageMakerDomainExecution` managed policy and therefore every user in an Amazon SageMaker Unified Studio domain can invoke these to view the data lineage graph in Amazon SageMaker Unified Studio.
+
+Above permissions are included in the `AmazonSageMakerDomainExecution` managed policy and therefore every user in an Amazon SageMaker Unified Studio domain can invoke these to view the data lineage graph in Amazon SageMaker Unified Studio.