As part of this exercise, we will treat emr-developer (the user account you created in Auth0/Okta) as a developer who has access to only a few tables and columns. You can create additional users in Auth0/Okta and define different permissions for them in AWS Lake Formation.

To set permissions for this user, log in to the AWS console as the lf-admin user (default password: Password1!). You can get the console login URL from the CloudFormation template output as shown below.

Follow these steps to update the Lake Formation permissions for the IdP user.
- On the AWS Lake Formation console, click on the Data permissions section.
- Then click on the Grant button.
- From the Target resources section, choose tpc for the database and select the following two tables:
Please ignore the tables that start with an underscore; those are temporary tables.
- From the Principals section, select SAML users and groups. Enter the SAML user ARN in the SAML and Amazon QuickSight users and groups field, using the form that matches your IdP provider. Replace account-id with your AWS account id.
For AD FS:
Replace account-id with your AWS account id.
- From the Permissions section, select Table permissions. From the list of permissions, check the Select option and click on the Grant button.
- Repeat Steps 1 and 2 (Grant, then Target resources), selecting the dl_tpc_customer table this time. Enter the SAML details and proceed to the Permissions section. Select Column-based permissions and select Include columns from the permission filter. Now, from the column drop-down, select the following 4 columns:
- Leave the Grantable permissions unselected and click on the Grant button.
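The same two grants expressed through the Lake Formation API with boto3, plus a check that the developer ended up read-only with no grant option, as an added example that is not part of this workshop. The account id, SAML provider name, first table name and column names are placeholders, and the SAML principal ARN format is an assumption to confirm against your IdP setup.

```python
ACCOUNT_ID = "123456789012"   # placeholder: your AWS account id
SAML_PROVIDER = "my-idp"      # placeholder: IAM SAML provider name for Auth0/Okta
IDP_USER = "emr-developer"    # the developer user from this exercise
DATABASE = "tpc"

# Assumption: Lake Formation names a SAML user as <saml-provider ARN>:user/<name>.
PRINCIPAL = f"arn:aws:iam::{ACCOUNT_ID}:saml-provider/{SAML_PROVIDER}:user/{IDP_USER}"

def table_grant(table, columns=None):
    """grant_permissions request: whole-table SELECT when columns is None, else SELECT
    on the named columns only. Grant option stays empty, so the developer cannot re-grant."""
    if columns is None:
        resource = {"Table": {"DatabaseName": DATABASE, "Name": table}}
    else:
        resource = {"TableWithColumns": {"DatabaseName": DATABASE, "Name": table,
                                         "ColumnNames": list(columns)}}
    return {"Principal": {"DataLakePrincipalIdentifier": PRINCIPAL},
            "Resource": resource,
            "Permissions": ["SELECT"],
            "PermissionsWithGrantOption": []}

def planned_grants():
    """The two grants from the console steps (first table and columns are placeholders)."""
    return [table_grant("FIRST_TABLE_PLACEHOLDER"),
            table_grant("dl_tpc_customer", ["COL_1", "COL_2", "COL_3", "COL_4"])]

def violations(entries):
    """Audit list_permissions() entries for the developer: report anything wider
    than SELECT, or any entry that carries a grant option."""
    bad = []
    for e in entries:
        if e["Principal"]["DataLakePrincipalIdentifier"] != PRINCIPAL:
            continue
        res = e["Resource"]
        name = (res.get("Table") or res.get("TableWithColumns") or {}).get("Name", "?")
        if set(e.get("Permissions", [])) - {"SELECT"}:
            bad.append(f"{name}: non-SELECT permission")
        if e.get("PermissionsWithGrantOption"):
            bad.append(f"{name}: grant option present")
    return bad

if __name__ == "__main__":
    import boto3  # only needed to apply the grants against a real account
    lf = boto3.client("lakeformation")
    for req in planned_grants():
        lf.grant_permissions(**req)
    page = lf.list_permissions(Principal={"DataLakePrincipalIdentifier": PRINCIPAL})
    print(violations(page["PrincipalResourcePermissions"]) or "least-privilege check passed")
```

Run it with credentials for the lf-admin user; the final line lists any grant that exceeds column-level SELECT for emr-developer.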