LF Tag-based Permissions
Let's return to the Lake Formation console to set LF tag-based access control for the campaign manager user. You can
assign policy tags to Data Catalog resources (databases, tables, and columns) to control access to those resources.
Only principals that are granted matching policy tags (and principals that are granted access with the named resource method) can access the resources.
Create Policy Tags
- In the navigation pane, under Permissions, choose Policy tags. The Policy tags page will appear.
- Click on Add tag. In the Add policy tag dialog box, enter a key named
group. For the values, add developer, analyst, and campaign as shown
- Click on Add tag to save them.
Assign LF Tags to Data Catalog Objects
In this section, we are going to assign the newly created tags to household_demographics
table and few non-PII
columns of the customer
table. Let's follow these steps to apply tags to the tab:
- From the navigation pane, select Tables. Choose dl_tpc_household_demographics table, on the
Actions menu, choose Edit tags The Edit policy tags: dl_tpc_household_demographics dialog
box will appear.
- From the Assigned keys box, select group and for the Values, select campaign.
Choose Save to finalize the selection.
Now, assign the same tag to few non-PII columns of the customer
- From the navigation pane, select Tables. Choose dl_tpc_customer table and go to
the table details page.
- Click on Edit schema from the Schema section.
- From the dl_tpc_customer table, select few non-PII columns c_preferred_cust_flag,
c_first_sales_date_sk, c_current_cdemo_sk, c_last_review_date_sk, and c_first_shipto_date_sk and
click on Edit tags.
- Click on Assign new policy tag. Select group as the keys and for the Values, select
campaign. Choose Save to finalize the selection.
- Click on Save as new version to save the schema with updated tags. You will be able to see all those
assigned policy tags under the Policy tags section.
At this point, you created policy tag and assigned the tag to few data catalog objects. Now, proceed to the next
section to assign the principal to those policies.
Apply LF Tags Security Policies