If you need to grant the same permissions to multiple users, you can use roles for authorization. A role allows you to define a set of permissions. Role-based authorization can simplify the workflow and reduce management costs. This topic describes how to manage roles in Data Lake Formation (DLF).
RAM users must have the admin (data lake administrator) or super_administrator (super administrator) permissions to perform role-related operations.
View the role list
Log on to the DLF console.
In the left-side navigation pane, choose to view role list information.
System built-in roles:
admin (data lake administrator): Has all database permissions and authorization permissions in DLF.
super_administrator (super administrator): Has all database permissions and authorization permissions in DLF and can modify admin users.
Create a role
On the Role page, click Create Role.
Enter Role Name, Role Display Name, and Description, and click OK.
Assign users to a role
On the Role page, click Add User in the Actions column of the role to assign users to the role. For more information, see Add permissions.
Grant permissions to a role
On the Role page, click Add Permission in the Actions column of the role to grant database permissions to the role. For more information, see Add permissions.