Prerequisites for granting permissions using attributes - AWS Lake Formation
Services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the AWS European Sovereign Cloud Region, see the AWS European Sovereign Cloud User Guide.

Prerequisites for granting permissions using attributes

To grant permissions using attribute-based access control (ABAC), you must complete the following prerequisites:

  • Update the Data Catalog settings to enable Lake Formation permissions for Data Catalog objects. For more information, see the Change the default permission model or use hybrid access mode section.

  • Set the cross-account version settings to two or higher.

  • Attach attributes to the IAM entities that require access.

  • Only a data lake administrator or an IAM user with the required permissions can grant access on Data Catalog objects. For more information on required permissions, see IAM permissions.