Column-based Permissions

Let's return to the Lake Formation console to set column-based data permissions for the business analyst user.
  1. Click the Grant button in the Data permissions window.
  2. In the window that pops up, under the Principals section, select lf-business-analyst as the user from the IAM users and roles drop-down.
  3. Under the Policy tags or catalog resources section, select the option Named data catalog resources. Choose tpc for the database and select the dl_tpc_customer table.
  4. We want to give Select permission to this user. Under Table and column permissions, check Select.
  5. We want to hide the PII columns of this table from this user. So, under the Data Permissions section, select Simple column-based access. Select (exclude) the PII columns as shown below:
  6. Leave the Grantable permissions unselected and click the Grant button.
  7. For the customer table, the lf-business-analyst user will only be able to see non-PII columns.
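
The same grant expressed as a Lake Formation API request, with a check that the resulting permissions really hide the PII columns. This is an added example, not part of the original walkthrough; the account ID and the schema and PII column names are constructed placeholders for the columns selected in the console.

```python
# Added example. Assumptions (not from the page): the account ID, and the
# schema/PII column names, which stand in for the columns picked in the console.
PRINCIPAL = "arn:aws:iam::111122223333:user/lf-business-analyst"
DATABASE, TABLE = "tpc", "dl_tpc_customer"
SCHEMA = ["customer_id", "segment", "pii_email", "pii_phone"]  # constructed
PII_COLUMNS = ["pii_email", "pii_phone"]                       # constructed


def build_grant(principal, database, table, excluded):
    """grant_permissions request: SELECT on every column except `excluded`."""
    return {
        "Principal": {"DataLakePrincipalIdentifier": principal},
        "Resource": {"TableWithColumns": {
            "DatabaseName": database,
            "Name": table,
            "ColumnWildcard": {"ExcludedColumnNames": list(excluded)},
        }},
        "Permissions": ["SELECT"],
        # No PermissionsWithGrantOption: step 6 leaves grantable permissions unset.
    }


def apply_grant(request):
    import boto3  # requires credentials for a Lake Formation administrator
    boto3.client("lakeformation").grant_permissions(**request)


def exposed_pii(entries, principal, database, table, schema, pii):
    """PII columns the principal can SELECT across list_permissions-style entries."""
    visible = set()
    for e in entries:
        if e["Principal"]["DataLakePrincipalIdentifier"] != principal:
            continue
        if not {"SELECT", "ALL"} & set(e.get("Permissions", [])):
            continue
        tbl = e["Resource"].get("Table")
        cols = e["Resource"].get("TableWithColumns")
        if tbl and tbl["DatabaseName"] == database and (
                tbl.get("Name") == table or "TableWildcard" in tbl):
            visible |= set(schema)  # whole-table grant: every column
        elif cols and cols["DatabaseName"] == database and cols["Name"] == table:
            if "ColumnWildcard" in cols:
                hidden = cols["ColumnWildcard"].get("ExcludedColumnNames", [])
                visible |= set(schema) - set(hidden)
            else:
                visible |= set(cols.get("ColumnNames", []))
    return sorted(visible & set(pii))
```

Grants are additive, so an older whole-table SELECT entry for the same principal makes exposed_pii return the PII columns again. To check a live account, pass it the PrincipalResourcePermissions list returned by list_permissions; it evaluates named-resource grants to that principal only.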