LF Tag-based Access Control

Login to your AWS account as the user lf-campaign-manager. Proceed to the Athena console.
  1. From the AWS Management console, search for Amazon Athena service
  2. Make sure you are logged in as a lf-campaign-manager user.
  3. Locate and expand the table section on the left hand side of the screen. Notice that a campaign manager has access to two tables dl_tpc_customer & dl_tpc_household_demographics.
  4. Expand the dl_tpc_household_demographics table, you will notice that you have access to all its columns. Execute select * query to verify the access. This is expected as you have given access to all its columns through tag campaign.
  5. Now expand the dl_tpc_customer table and you will notice that you only have access to few columns. In the previous section, you assigned tags to only few columns, so only those columns are now visible to this user.
  6. Execute a select * command on this table to verify the access to limited columns.