When you need to grant the same set of permissions to multiple RAM users, create a role and assign those users to it. This lets you manage access in one place instead of configuring permissions for each user individually. This topic describes how to view, create, and configure roles in Data Lake Formation (DLF).
Prerequisites
Before you begin, ensure that you have:
-
A RAM user account with the
admin(data lake administrator) orsuper_administrator(super administrator) role in DLF
RAM users must have the admin (data lake administrator) or super_administrator (super administrator) permissions to perform role-related operations.
Built-in roles
DLF includes two system roles:
| Role | Capabilities |
|---|---|
admin (data lake administrator) |
Has all database permissions and authorization permissions in DLF |
super_administrator (super administrator) |
Has all database permissions and authorization permissions in DLF; modify admin users |
View the role list
-
Log on to the DLF console.
-
In the left-side navigation pane, choose Data Permission > Role.
Create a role
-
On the Role page, click Create Role.
-
Enter the Role Name, Role Display Name, and Description, then click OK.
Assign users to a role
On the Role page, click Add User in the Actions column of the target role. For more information, see Add permissions.
Grant permissions to a role
On the Role page, click Add Permission in the Actions column of the target role. For more information, see Add permissions.