AWS Security ChangesHomeSearch

AWS lake-formation documentation change

Service: lake-formation · 2026-04-22 · Documentation low

File: lake-formation/latest/dg/access-control-underlying-data.md

Summary

Added clarification that partition operations (CreatePartition, BatchCreatePartition, UpdatePartition) do not require data location permissions when the partition location is a child of an already registered table location.

Security assessment

This change clarifies existing permission behavior for partition operations. It documents a specific condition under which data location permissions are not required, which is a refinement of access control rules but does not indicate a security vulnerability or weakness. The change is informational and helps users understand the security model better, but there is no evidence of addressing a security issue.

Diff

diff --git a/lake-formation/latest/dg/access-control-underlying-data.md b/lake-formation/latest/dg/access-control-underlying-data.md
index e40ae2701..71f2b97aa 100644
--- a//lake-formation/latest/dg/access-control-underlying-data.md
+++ b//lake-formation/latest/dg/access-control-underlying-data.md
@@ -138,0 +139,2 @@ Data location permissions govern the outcome of create and update operations on
+  * Partition operations (`CreatePartition`, `BatchCreatePartition`, `UpdatePartition`) do not require data location permissions when the partition location is a child of the table location already registered with Lake Formation.
+