Table-based Access Control

As you may recall, a developer only has access to the web_page and web_sales tables. Log in to your AWS account as the user lf-developer using the IAM sign-in link. Let us make sure a developer can run queries from the Athena console on those tables and nothing else.
  1. From the AWS Management Console, search for the Amazon Athena service.
  2. Make sure you are logged in as lf-developer and select tpc for the Glue database.
  3. As you may have noticed, a developer can only see two tables: dl_tpc_web_page and dl_tpc_web_sales.
  4. If you are a first-time user, you will notice a message to set up a query result location in S3. Click on the link.
  5. Provide the Athena query result S3 path that you collected from the CloudFormation output and save it.
  6. On the top left-hand side of the screen, select Saved Queries and choose the query named LF-Developer-Query.
  7. Run the queries one at a time: highlight (select) an entire statement on the Athena console, then click the Run query button. For the first 2 queries, the results appear within a few seconds of clicking Run query.
  8. Now run the last query. Since a developer does not have access to any other table, querying the item table produces an insufficient privileges message, as shown in the screenshot.
  9. Let's check out the data permissions for lf-business-analyst and lf-campaign-manager users.
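
The console check above can also be done against the grants themselves. The following is an added example, not part of the original workshop: it compares the table-level Lake Formation grants held by lf-developer with the two tables the developer is supposed to read. It assumes entries shaped like the `PrincipalResourcePermissions` list returned by the boto3 `lakeformation` client's `list_permissions`; the account ID, the helper names and the table `example_other_table` are constructed for illustration.

```python
# Added example: audit table-level Lake Formation grants for one IAM user.
# Live input would be
#   boto3.client("lakeformation").list_permissions(...)["PrincipalResourcePermissions"]
# Here a constructed sample is embedded so the check runs offline.
EXPECTED = {("tpc", "dl_tpc_web_page"), ("tpc", "dl_tpc_web_sales")}
ARN = "arn:aws:iam::111122223333:user/"  # constructed account ID


def table_grants(entries, user):
    """Yield (database, table, permissions) for table grants held by `user`."""
    for e in entries:
        ident = e["Principal"]["DataLakePrincipalIdentifier"]
        if not ident.endswith(":user/" + user):
            continue
        res = e["Resource"]
        tbl = res.get("Table") or res.get("TableWithColumns")
        if not tbl:
            continue  # database, data location and tag grants are out of scope
        # A wildcard grant covers every table in the database.
        name = "*" if "TableWildcard" in tbl else tbl["Name"]
        yield tbl["DatabaseName"], name, set(e["Permissions"])


def audit(entries, user, expected=EXPECTED):
    """Return readable tables outside the allowlist and allowlisted tables not granted."""
    readable = {(db, t) for db, t, perms in table_grants(entries, user)
                if perms & {"SELECT", "ALL"}}
    return {"unexpected": sorted(readable - expected),
            "missing": sorted(expected - readable)}


def _grant(user, table, perms=("SELECT",)):
    """Build one constructed grant entry (hypothetical helper)."""
    return {"Principal": {"DataLakePrincipalIdentifier": ARN + user},
            "Resource": {"Table": {"DatabaseName": "tpc", "Name": table}},
            "Permissions": list(perms)}


# Constructed sample: the intended state, then the same state with one extra grant.
SAMPLE = [_grant("lf-developer", "dl_tpc_web_page"),
          _grant("lf-developer", "dl_tpc_web_sales"),
          _grant("lf-business-analyst", "example_other_table")]
DRIFTED = SAMPLE + [_grant("lf-developer", "example_other_table")]
WILDCARD = [{"Principal": {"DataLakePrincipalIdentifier": ARN + "lf-developer"},
             "Resource": {"Table": {"DatabaseName": "tpc", "TableWildcard": {}}},
             "Permissions": ["SELECT"]}]

if __name__ == "__main__":
    for label, data in (("sample", SAMPLE), ("drifted", DRIFTED), ("wildcard", WILDCARD)):
        print(label, audit(data, "lf-developer"))
```

An empty `unexpected` list and an empty `missing` list correspond to what the Athena steps show: the first two queries succeed and the third is denied.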