ReadonlydatabaseOptional ReadonlydatabaseReadonlydatabaseLake Formation permissions to grant at the database level. Resolved from PermissionsConfig ('read'/'write'/'super') in app config to actual permission arrays.
Use cases: Database read/write/super access; Database-level governance
AWS: Lake Formation database permissions (DESCRIBE, CREATE_TABLE, ALTER, DROP)
Validation: Required; array of valid Lake Formation permission strings
ReadonlyprincipalsNamed principals who will receive the specified permissions. References principals defined in the principals configuration section.
Use cases: Principal-based permission assignment; Multi-principal grants; Organized access control
AWS: Lake Formation grant recipients (federated users/groups, IAM roles)
Validation: Required; valid NamedPrincipalProps; principals must be resolvable
Optional ReadonlytableOptional ReadonlytableLake Formation permissions to grant at the table level. Resolved from PermissionsConfig in app config to actual permission arrays.
Use cases: Table read/write/super access; Fine-grained table governance
AWS: Lake Formation table permissions (SELECT, DESCRIBE, INSERT, DELETE, ALTER, DROP)
Validation: Optional; array of valid Lake Formation permission strings
Optional ReadonlytablesTable names within the database for table-level grants. Use '*' to grant on all tables. If omitted, only database-level permissions apply.
Use cases: Table-level access control; Selective table permissions; Wildcard table grants
AWS: Glue table names for Lake Formation table-level grants
Validation: Optional; array of existing table names or '*'
Target Glue database name for the Lake Formation grant. The database must already exist in the Glue Catalog before grant creation.
Use cases: Database-scoped permissions; Grant target specification; Data governance scope
AWS: Glue database for Lake Formation grant application
Validation: Required; must be an existing Glue database name