luisvenezian

Reputation: 501

Is there an easy way to revoke all AWS Lake Formation permissions at once for a user?

I have a data lake with more than 2000 permissions that I want to revoke for some users and then start granting again.

In the console, revocation is done one by one, and it will take a long time. Is there a way to revoke all permissions at once for a user?

Upvotes: 1

Views: 958

Answers (2)

Nitin G

Reputation: 834

A much easier way to achieve this programmatically is to use the Python SDK:

import boto3

# Initialize boto3 clients for Glue and Lake Formation
glue = boto3.client('glue')
lf = boto3.client('lakeformation')

# Specify your database
my_database = '<DB_NAME>'
my_principal = 'IAM_ALLOWED_PRINCIPALS' # CHANGE THIS 

def get_all_tables(database_name):
    tables = []
    next_token = None

    while True:
        if next_token:
            response = glue.get_tables(DatabaseName=database_name, NextToken=next_token)
        else:
            response = glue.get_tables(DatabaseName=database_name)
        
        tables.extend(response['TableList'])
        next_token = response.get('NextToken')
        
        if not next_token:
            break

    return tables

def list_tables_and_check_permissions():
    # Get the list of all tables in the database
    tables = get_all_tables(my_database)

    for t in tables:
        try:
            lf.revoke_permissions(
                Principal={'DataLakePrincipalIdentifier': my_principal},
                Resource={
                    'Table': {
                        'DatabaseName': my_database,
                        'Name': t['Name']
                    }
                },
                Permissions=['ALL']
            )
            print(f"'ALL' permissions have been revoked from {my_principal} for the table: {t['Name']}")
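        except Exception as e:
            # Report the real error: a denied or failed revoke must not be mistaken for "nothing was granted"
            print(f"Could not revoke 'ALL' permissions from {my_principal} for the table {t['Name']}: {e}")
            continue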

# Call the function to list tables and check permissions
list_tables_and_check_permissions()

Upvotes: 0

Aditya Abhas

Reputation: 174

This can be done programmatically:

  1. Call ListPermissions API to get all the granted permissions.
  2. Filter permissions granted to those users.
  3. Call BatchRevokePermissions API to revoke all permissions for those users.

Upvotes: 2
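
The three steps listed in the answer above, sketched with boto3 as an added example (not code from either answer). The function names, the chunk size of 20 and the placeholder ARN are assumptions; `dry_run` defaults to printing what would be revoked instead of revoking it.

```python
import uuid


def list_grants(lf, principal_arns):
    """Steps 1-2: page through ListPermissions and keep the target principals' grants."""
    wanted, token, grants = set(principal_arns), None, []
    while True:
        page = lf.list_permissions(**({"NextToken": token} if token else {}))
        for grant in page.get("PrincipalResourcePermissions", []):
            if grant["Principal"]["DataLakePrincipalIdentifier"] in wanted:
                grants.append(grant)
        token = page.get("NextToken")
        if not token:
            return grants


def revoke_grants(lf, grants, batch_size=20, dry_run=True):
    """Step 3: revoke in chunks and return the failures the service reports.

    batch_size=20 is an assumed conservative value; check the current API limit.
    """
    entries = [{
        "Id": str(uuid.uuid4()),  # each batch entry needs a unique id
        "Principal": g["Principal"],
        "Resource": g["Resource"],
        "Permissions": g["Permissions"],
        "PermissionsWithGrantOption": g.get("PermissionsWithGrantOption", []),
    } for g in grants]
    failures = []
    for start in range(0, len(entries), batch_size):
        chunk = entries[start:start + batch_size]
        if dry_run:
            for e in chunk:
                print("would revoke", e["Permissions"], "on", e["Resource"])
            continue
        response = lf.batch_revoke_permissions(Entries=chunk)
        # A batch call can succeed overall while individual entries fail.
        failures.extend(response.get("Failures", []))
    return failures


if __name__ == "__main__":
    import boto3  # imported here so the functions can be exercised with a stub client

    client = boto3.client("lakeformation")
    # Placeholder ARN: replace with the principals to clean up.
    found = list_grants(client, ["arn:aws:iam::111122223333:user/example-user"])
    print(f"{len(found)} grants found")
    for failure in revoke_grants(client, found, dry_run=True):
        print("FAILED:", failure)
```

Review the dry-run output before calling `revoke_grants(..., dry_run=False)`, and treat any returned failure as a grant that is still in place.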
