AWS Lake Formation - Metadata access control vs Data location permissions

Asked Sep 17 '21 at 14:19

Active Sep 17 '21 at 14:19

Viewed 194 times

Quoting Lake Formation Access Control Overview :

Metadata access control – Permissions on Data Catalog resources (Data Catalog permissions).

These permissions enable principals to create, read, update, and delete metadata databases and tables in the Data Catalog.

...

Data location permissions enable principals to create and alter metadata databases and tables that point to specific Amazon S3 locations.

It sounds like Metadata access control and Data location permissions are pretty much the same to me - they manage permissions for the metadata databases and tables. What's the difference between these two?

asked Sep 17 '21 at 14:19

justHelloWorld

6,478
8
58
138

I've been working a bunch on LF recently with my company and I have this same question. We're you ever able to figure it out? I thought maybe the difference was that permissions on a data location allow services or users to access bucket objects without needed to grant permission to query data with the """lakeformation:GetDataAccess""" policy permission – trimbljk Apr 28 '23 at 18:01

AWS Lake Formation - Metadata access control vs Data location permissions

0 Answers0