Amazon DataZone introduces fine-grained access control

Posted on: Jul 3, 2024

Today, Amazon DataZone has introduced fine-grained access control, providing data owners granular control over their data at row and column levels. Customers use Amazon DataZone to catalog, discover, analyze, share, and govern data at scale across organizational boundaries with governance and access controls. Data owners can now restrict access to specific records of data, instead of granting access to the entire dataset. For example, if your table contains data for multiple regions, you can create row filters that grant different projects access to the rows for different regions. Additionally, column filters allow you to restrict access to specific columns, such as those containing Personally Identifiable Information (PII), ensuring that subscribers can only access the necessary and less sensitive data.

To get started, you can create row and column filters within the Amazon DataZone portal. When a user requests access to your data asset, you can approve the subscription by applying the appropriate filters. Amazon DataZone enforces these filters using AWS Lake Formation and Amazon Redshift, ensuring that the subscriber can only access the rows and columns that you have authorized.

Fine-grained access control support for both Amazon Redshift and AWS Lake Formation is now generally available in the following AWS Regions: US East (Ohio), US East (N. Virginia), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Seoul), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (Stockholm), Europe (London), and South America (São Paulo).

Learn more about fine-grained access control in the user documentation.