Posted On: Apr 7, 2022

Amazon Redshift now supports role-based access control (RBAC), a new enhancement that helps you simplify the management of security privileges in Amazon Redshift. You can use the RBAC feature to control end user access to data at a broad or granular level based on their job role/permission rights and level of data sensitivity.

Amazon Redshift customers can have hundreds or thousands of users who access an Amazon Redshift data warehouse from their favorite analytics tools, and they need to provide different levels of security privileges to different groups of users. As an administrator using RBAC, you can create a role using SQL commands, grant it a collection of granular permissions, and then assign that role to end users. You can also grant object-level, column-level, and system-level permissions to a role. Additionally, RBAC introduces out-of-box system roles and system permissions, so you can give different types of administrators a system role for DBA, Operator, or Security Admin, or a customized role, instead of making them superusers.

RBAC allows you to assign a role to a user or grant a role to another role. You can assign multiple roles to a user. A user can inherit permissions from all assigned roles.
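The workflow described above, as an added example that is not part of the original announcement. The schema, table, column, role and user names (`sales`, `sales.orders`, `sales_analyst`, `alice` and so on) are constructed for illustration; the users and table are assumed to exist already.

```sql
-- Added example. All object, role and user names below are constructed.

-- 1. Create roles that mirror job functions.
CREATE ROLE sales_analyst;
CREATE ROLE sales_lead;

-- 2. Object-level and column-level permissions go to the role, not to users.
--    Analysts can read only the non-sensitive columns of sales.orders.
GRANT USAGE ON SCHEMA sales TO ROLE sales_analyst;
GRANT SELECT (order_id, order_date, region, amount)
    ON TABLE sales.orders TO ROLE sales_analyst;

-- 3. Role-to-role grant: sales_lead inherits everything sales_analyst has
--    and additionally reads every column of the table.
GRANT ROLE sales_analyst TO ROLE sales_lead;
GRANT SELECT ON TABLE sales.orders TO ROLE sales_lead;

-- 4. System-level permissions on a custom role, so that account management
--    can be delegated without handing out superuser.
CREATE ROLE user_admin;
GRANT CREATE USER, ALTER USER, DROP USER TO ROLE user_admin;

-- 5. Assign roles to users. A user can hold several roles and inherits
--    the permissions of all of them.
GRANT ROLE sales_analyst TO alice;
GRANT ROLE sales_lead    TO bob;
GRANT ROLE user_admin    TO carol;
GRANT ROLE sys:operator  TO carol;   -- system-defined Operator role

-- 6. Review the result: which user holds which role, and which roles
--    are nested inside other roles.
SELECT user_name, role_name
FROM svv_user_grants
ORDER BY user_name, role_name;

SELECT role_name, granted_role_name
FROM svv_role_grants
ORDER BY role_name, granted_role_name;
```

Running the two review queries after any change to role grants gives a quick audit of who has inherited what, including permissions that arrive indirectly through nested roles.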

This feature is now available in all Amazon Web Services (AWS) commercial regions where Amazon Redshift is available. You can find more information about RBAC in the Redshift Database Developer Guide, blog, and demo.