HEX
Server: Apache/2.4.41 (Ubuntu)
System: Linux ip-172-31-42-149 5.15.0-1084-aws #91~20.04.1-Ubuntu SMP Fri May 2 07:00:04 UTC 2025 aarch64
User: ubuntu (1000)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
Upload Files
File: //proc/self/root/usr/local/aws-cli/v2/dist/awscli/examples/lakeformation/list-permissions.rst
**Example 1: To retrieve list of principal permissions on the resource**

The following ``list-permissions`` example returns a list of principal permissions on the database resources. ::

    aws lakeformation list-permissions \
        --cli-input-json file://input.json

Contents of ``input.json``::

    {
        "CatalogId": "123456789111",
        "ResourceType": "DATABASE",
        "MaxResults": 2
    }

Output::

    {
        "PrincipalResourcePermissions": [{
            "Principal": {
                "DataLakePrincipalIdentifier": "arn:aws:iam::123456789111:user/lf-campaign-manager"
            },
            "Resource": {
                "Database": {
                    "CatalogId": "123456789111",
                    "Name": "tpc"
                }
            },
            "Permissions": [
                "DESCRIBE"
            ],
            "PermissionsWithGrantOption": []
        }],
        "NextToken": "E5SlJDSTZleUp6SWpvaU9UQTNORE0zTXpFeE5Ua3pJbjE5TENKbGVIQnBjbUYwYVc5dUlqcDdJbk5sWTI5dVpITWlPakUyTm"
    }

For more information, see `Managing Lake Formation permissions <https://docs.aws.amazon.com/lake-formation/latest/dg/managing-permissions.html>`__ in the *AWS Lake Formation Developer Guide*.

**Example 2: To retrieve list of principal permissions on the table with data filters**

The following ``list-permissions`` example list the permissions on the table with related data filters granted to the principal. ::

    aws lakeformation list-permissions \
        --cli-input-json file://input.json

Contents of ``input.json``::

    {
        "CatalogId": "123456789111",
        "Resource": {
            "Table": {
                "CatalogId": "123456789111",
                "DatabaseName": "tpc",
                "Name": "dl_tpc_customer"
            }
        },
        "IncludeRelated": "TRUE",
        "MaxResults": 10
    }

Output::

    {
        "PrincipalResourcePermissions": [{
                "Principal": {
                    "DataLakePrincipalIdentifier": "arn:aws:iam::123456789111:role/Admin"
                },
                "Resource": {
                    "Table": {
                        "CatalogId": "123456789111",
                        "DatabaseName": "customer",
                        "Name": "customer_invoice"
                    }
                },
                "Permissions": [
                    "ALL",
                    "ALTER",
                    "DELETE",
                    "DESCRIBE",
                    "DROP",
                    "INSERT"
                ],
                "PermissionsWithGrantOption": [
                    "ALL",
                    "ALTER",
                    "DELETE",
                    "DESCRIBE",
                    "DROP",
                    "INSERT"
                ]
            },
            {
                "Principal": {
                    "DataLakePrincipalIdentifier": "arn:aws:iam::123456789111:role/Admin"
                },
                "Resource": {
                    "TableWithColumns": {
                        "CatalogId": "123456789111",
                        "DatabaseName": "customer",
                        "Name": "customer_invoice",
                        "ColumnWildcard": {}
                    }
                },
                "Permissions": [
                    "SELECT"
                ],
                "PermissionsWithGrantOption": [
                    "SELECT"
                ]
            },
            {
                "Principal": {
                    "DataLakePrincipalIdentifier": "arn:aws:iam::123456789111:role/Admin"
                },
                "Resource": {
                    "DataCellsFilter": {
                        "TableCatalogId": "123456789111",
                        "DatabaseName": "customer",
                        "TableName": "customer_invoice",
                        "Name": "dl_us_customer"
                    }
                },
                "Permissions": [
                    "DESCRIBE",
                    "SELECT",
                    "DROP"
                ],
                "PermissionsWithGrantOption": []
            }
        ],
        "NextToken": "VyeUFjY291bnRQZXJtaXNzaW9ucyI6ZmFsc2V9"
    }

For more information, see `Managing Lake Formation permissions <https://docs.aws.amazon.com/lake-formation/latest/dg/managing-permissions.html>`__ in the *AWS Lake Formation Developer Guide*.

**Example 3: To retrieve list of principal permissions on the LF-Tags**

The following ``list-permissions`` example list the permissions on the LF-Tags granted to the principal. ::

    aws lakeformation list-permissions \
        --cli-input-json file://input.json

Contents of ``input.json``::

    {
        "CatalogId": "123456789111",
        "Resource": {
            "LFTag": {
                "CatalogId": "123456789111",
                "TagKey": "category",
                "TagValues": [
                    "private"
                ]
            }
        },
        "MaxResults": 10
    }

Output::

    {
        "PrincipalResourcePermissions": [{
                "Principal": {
                    "DataLakePrincipalIdentifier": "arn:aws:iam::123456789111:user/lf-admin"
                },
                "Resource": {
                    "LFTag": {
                        "CatalogId": "123456789111",
                        "TagKey": "category",
                        "TagValues": [
                            "*"
                        ]
                    }
                },
                "Permissions": [
                    "DESCRIBE"
                ],
                "PermissionsWithGrantOption": [
                    "DESCRIBE"
                ]
            },
            {
                "Principal": {
                    "DataLakePrincipalIdentifier": "arn:aws:iam::123456789111:user/lf-admin"
                },
                "Resource": {
                    "LFTag": {
                        "CatalogId": "123456789111",
                        "TagKey": "category",
                        "TagValues": [
                            "*"
                        ]
                    }
                },
                "Permissions": [
                    "ASSOCIATE"
                ],
                "PermissionsWithGrantOption": [
                    "ASSOCIATE"
                ]
            }
        ],
        "NextToken": "EJwY21GMGFXOXVJanA3SW5Ocm1pc3Npb25zIjpmYWxzZX0="
    }

For more information, see `Managing Lake Formation permissions <https://docs.aws.amazon.com/lake-formation/latest/dg/managing-permissions.html>`__ in the *AWS Lake Formation Developer Guide*.