Giter Club home page Giter Club logo

Comments (5)

vrajat avatar vrajat commented on August 19, 2024 1

Thanks for pointing this out. This is a valid feature request and it should be possible to support. I'll add it to the queue. Happy to also accept contributions :)

from lakecli.

vrajat avatar vrajat commented on August 19, 2024

boto3 or AWS Lakeformation API does not have the functionality to grant permissions to all tables. The closes is batch_grant_permissions or batch_revoke_permissions. However, these API take a maximum of 20 entries.

The nice part of lakecli is that it can be part of script - bash or python and you can automate granting permissions to a larger set. Happy to discuss if you want to try writing such a script.

from lakecli.

hkuchibhotla avatar hkuchibhotla commented on August 19, 2024

Hi Rajat,
Thank you for your response.

Per boto3 documentation, batch_grant_permissions it can take a list of up to 20 entries. However, granting permissions to ALL TABLES within a Database can be performed by using "TableWildcard" option.

TableWildcard (dict) --
A wildcard object representing every table under a database.

Ref: batch_grant_permissions

Alternatively, this works via the CLI as well:

aws lakeformation grant-permissions --principal DataLakePrincipalIdentifier=<ARN_OF_THE_IAM_PRINCIPAL> 
 --permissions "SELECT" --resource '{"Table": {"DatabaseName": "<DBNAME>", "TableWildCard": {} } }'

The above command grants SELECT access to ALL TABLES within the to the IAM principal.

Wonder if this feature could be added to lakecli, that would make it way easier to work with databases containing large number of tables. Apart from this limitation, found lakecli to be useful to view/ query permissions in a SQL-like dialect and to grant individual permissions!

Thanks.

from lakecli.

hkuchibhotla avatar hkuchibhotla commented on August 19, 2024

Hey @vrajat any idea when this enhancement request is being planned? Happy to pair with you on this.

from lakecli.

vrajat avatar vrajat commented on August 19, 2024

Hi,
I havent had a chance to work on this feature. Most of my time is spent on tokern/data-lineage. However, I am happy to collaborate, work together to design and accept any contributions.
This will also motivate me to support other feature requests like #17 by integrating tokern/dbcat to pull more info from AWS glue.

Will you be able contribute code for this feature?

from lakecli.

Related Issues (7)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.