Posted On: Feb 29, 2024
Amazon Redshift customers can now use scoped permissions to manage permissions for a role or user on a database or schema scope, avoiding the need to manually grant permissions on every object. Scoped permissions apply to objects in the selected scope when you grant or revoke the permission, as well as to new objects created after you grant or revoke the permission. For example, granting SELECT permission to tables in a schema allows access to current and future tables within the schema. Scoped permissions can also be used on shared databases created from a datashare.
In addition to scoped permissions, Amazon Redshift is introducing a new capability to allow data consumers to manage object-level permissions on shared data. Amazon Redshift already supports sharing data at the granularity of objects from data sharing producer. With object-level permissions on data sharing consumers, you can grant access in shared databases at a granular level from data sharing consumers than the previously possible permissions at schema level only. Users and roles on data sharing consumers will only have the access to the objects they have permission for. As a data consumer, in order to define object-level privilege on the shared database or schema, you need to create databases from data sharing with the WITH PERMISSIONS option.
Scoped permission and datashare object-level premissions are now available in all AWS commercial and the AWS GovCloud (US) Regions where Amazon Redshift is available. You can learn more about this feature from the Redshift management guide.