ministryofjustice/analytical-platform

🛠 Implement Lake Formation Permissions on Replicated CaDeT Databases and Tables

Closed this issue · 1 comment

User Story

This story is a follow-on from #5860.

Once we have a list of databases and tables that correspond to replicated bucket paths, we need to grant users permissions to these objects that correspond to the data locations Data Engineering Database Access grants users access to.

Value / Purpose

For the rationale of why this is desirable, although it deviates from the current practice, see the Value / Purpose section of #5860.

Useful Contacts

Jacob Hamblin-Pyke, Julia Lawrence

User Types

QuickSight Users

Hypothesis

No response

Proposal

Extend the work in #5600 to assign users Lake Formation permissions on databases and tables based on information derived from #5860.

Additional Information

No response

Definition of Done

  • Lake Formation permissions added
  • Access to QuickSight tested
  • Follow-on stories raised

Current plan:

  • Tag Glue resources using the SHA-1 of their path
  • Use Terraform to assign permissions based on those tags

Issues:

  • Not sure what to do for databases
  • Ideally TF would check the validity of the tag before attempting to apply, but there is no easy way to achieve this.
  • ???
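
One way to check tag validity before an apply, as an added example that is not part of the issue or the project's code: recompute the SHA-1 of each resource's path and flag tags that no longer match, plus grants that point at no correctly tagged resource. The tag key `path_sha1`, the path normalization, the record shapes and all sample names are assumptions.

```python
import hashlib

TAG_KEY = "path_sha1"  # hypothetical tag key; the issue does not name one


def normalize_location(location: str) -> str:
    """Canonical 's3://bucket/prefix' form so one path always hashes the same."""
    location = location.strip()
    if not location.startswith("s3://"):
        raise ValueError(f"not an S3 location: {location!r}")
    bucket, _, prefix = location[len("s3://"):].partition("/")
    if not bucket:
        raise ValueError(f"missing bucket: {location!r}")
    prefix = prefix.strip("/")
    return f"s3://{bucket}/{prefix}" if prefix else f"s3://{bucket}"


def path_tag(location: str) -> str:
    """SHA-1 hex digest (always 40 characters) of the normalized location.
    The hash is only a fixed-length label here, not a security control."""
    return hashlib.sha1(normalize_location(location).encode("utf-8")).hexdigest()


def audit(resources, grants):
    """Return (stale, dangling): resources whose tag no longer matches their
    location, and grants whose tag matches no correctly tagged resource."""
    stale = [r["name"] for r in resources if r.get(TAG_KEY) != path_tag(r["location"])]
    valid = {r[TAG_KEY] for r in resources if r["name"] not in stale}
    dangling = [g["principal"] for g in grants if g["tag"] not in valid]
    return stale, dangling


# Constructed sample data: names, buckets and principals are made up.
RESOURCES = [
    {"name": "db_a.table_1", "location": "s3://example-bucket/db_a/table_1/",
     TAG_KEY: path_tag("s3://example-bucket/db_a/table_1")},
    # Tagged before the data moved, so the stored tag is now stale.
    {"name": "db_a.table_2", "location": "s3://example-bucket/db_a/table_2_v2",
     TAG_KEY: path_tag("s3://example-bucket/db_a/table_2")},
]
GRANTS = [
    {"principal": "user-one", "tag": path_tag("s3://example-bucket/db_a/table_1/")},
    {"principal": "user-two", "tag": path_tag("s3://example-bucket/db_a/table_2")},
]

if __name__ == "__main__":
    stale, dangling = audit(RESOURCES, GRANTS)
    print("stale tags:", stale)
    print("grants with no valid target:", dangling)
    raise SystemExit(1 if stale or dangling else 0)
```

Run as a step before the apply, the non-zero exit stops the pipeline when a tag has drifted from its path, so a permission is never granted against a stale tag.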