Lake Formation

AWS Lake Formation is a fully managed service that helps you build, secure, and manage data lakes, and provides access control for the data in the data lake.

Granular access permissions

Customers across lines of business (LOBs) need a way to manage granular access permissions for different users at the table and column level. Lake Formation helps you manage fine-grained access for internal and external customers from a centralized location and in a scalable way.

You can manage granular permissions on datasets shared between AWS accounts using Lake Formation.

Our use case assumes you’re using AWS Organizations to manage your AWS accounts. The user of Account A in one organizational unit (OU1) grants access to users of Account B in OU2. You can use this same approach when not using Organizations, such as when you only have a few accounts.

The following diagram illustrates the fine-grained access control of datasets in the data lake.

  • The data lake is available in Account A.
  • The data lake administrator of Account A provides fine-grained access for Account B.

The diagram also shows that a user of Account B provides column-level access to the Account A data lake table to another user in Account B.
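The two grants described above, written as request bodies for boto3's `lakeformation` `grant_permissions` call, with a pre-flight check that the grant made inside Account B stays within what Account A delegated. This is an added example, not code from the original page; the account IDs, user ARN, and database, table, and column names are constructed placeholders, and `column_grant` and `within_delegation` are hypothetical helpers.

```python
# Added example. All identifiers below are constructed placeholders.
ACCOUNT_A = "111111111111"  # owns the data lake and its Data Catalog
ACCOUNT_B = "222222222222"  # consumer account in another OU
ANALYST_B = f"arn:aws:iam::{ACCOUNT_B}:user/analyst"  # hypothetical user in Account B


def column_grant(principal, columns, permissions, grantable=()):
    """Build a grant_permissions request for named columns of Account A's table."""
    return {
        "Principal": {"DataLakePrincipalIdentifier": principal},
        "Resource": {"TableWithColumns": {
            "CatalogId": ACCOUNT_A,      # the table lives in Account A's catalog
            "DatabaseName": "sales_db",  # hypothetical database
            "Name": "orders",            # hypothetical table
            "ColumnNames": sorted(columns),
        }},
        "Permissions": list(permissions),
        "PermissionsWithGrantOption": list(grantable),
    }


def within_delegation(parent, child):
    """True if child re-grants only columns and permissions parent made grantable."""
    p = parent["Resource"]["TableWithColumns"]
    c = child["Resource"]["TableWithColumns"]
    same_table = all(p[k] == c[k] for k in ("CatalogId", "DatabaseName", "Name"))
    cols_ok = set(c["ColumnNames"]) <= set(p["ColumnNames"])
    requested = set(child["Permissions"]) | set(child["PermissionsWithGrantOption"])
    perms_ok = requested <= set(parent["PermissionsWithGrantOption"])
    return same_table and cols_ok and perms_ok


# Step 1: Account A's data lake administrator shares three columns with Account B
# and includes the grant option so Account B can delegate further.
a_to_b = column_grant(ACCOUNT_B, ["order_id", "region", "amount"],
                      ["SELECT"], grantable=["SELECT"])

# Step 2: inside Account B, a narrower column-level grant to a single user.
b_to_user = column_grant(ANALYST_B, ["order_id", "region"], ["SELECT"])

if __name__ == "__main__":
    print("delegated grant is within scope:", within_delegation(a_to_b, b_to_user))
```

Each dictionary is passed as `boto3.client("lakeformation").grant_permissions(**request)` under the credentials of the account making that grant. Lake Formation enforces the grant option itself; the local check only catches an over-broad request before it is submitted.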
