Column-based Access Control

Login to your AWS account as the user lf-business-analyst. Let us make sure this user can run queries from Athena console and has access to only few non-PII columns of the dl_tpc_customer table.
  1. From the AWS Management console, search for Amazon Athena service
  2. Make sure you are logged in as a lf-business-analyst user
  3. Locate and expand the dl_tpc_customer table on the left hand side of the screen. Notice how the table does not show any PII data for the customer table
  4. On the top left hand side of the screen, select Saved Queries and choose a query named LF-BusinessAnalyst-Query
  5. Run each query one at a time, highlight(select) each of the entire statement on the Athena console and then click on the Run query button. You will notice the results appear within few seconds:
  6. The last query tries to access the PII data and as expected the business analyst user will get an error message
  7. Proceed to test the data access permissions for the lf-campaign-manager user.