Posted On: Nov 21, 2023

AWS Lake Formation now allows customers to apply permissions on subfields of their nested tables using data filters. Permissions can be granted on more granular fields, such as particular columns inside structs. Permissions on nested fields give customers finer-grained permissions that better match their business needs, with greater flexibility in how they structure their data.

Previously, when producing data, customers needed to verify that the data they wanted to grant access to did not include restricted subfields. Now customers can define a single filter that precisely matches the nested subfields to which they want to allow access. For example, a customer has a purchases table that includes a nested column consisting of a struct with the subfields Date, Name, Purchase Type, Address, Country, and Payment. With permissions on nested columns, customers can create permissions and grants on less sensitive fields such as Date, Purchase Type, and State while protecting the other information within the nested structure.

Data filters on nested subfields are available for data that users query via Amazon Athena.

This feature is available in all AWS Regions where AWS Lake Formation is available. For additional details, please refer to the Lake Formation data filter documentation.