This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::LakeFormation::Permissions The `AWS::LakeFormation::Permissions` resource represents the permissions that a principal has on an AWS Glue Data Catalog resource (such as AWS Glue database or AWS Glue tables). When you upload a permissions stack, the permissions are granted to the principal and when you remove the stack, the permissions are revoked from the principal. If you remove a stack, and the principal does not have the permissions referenced in the stack then AWS Lake Formation will throw an error because you can’t call revoke on non-existing permissions. To successfully remove the stack, you’ll need to regrant those permissions and then remove the stack. **Note** New versions of AWS Lake Formation permission resources are now available. For more information, see: [AWS:LakeFormation::PrincipalPermissions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lakeformation-principalpermissions.html) ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::LakeFormation::Permissions", "Properties" : { "[DataLakePrincipal](#cfn-lakeformation-permissions-datalakeprincipal)" : {{DataLakePrincipal}}, "[Permissions](#cfn-lakeformation-permissions-permissions)" : {{[ String, ... ]}}, "[PermissionsWithGrantOption](#cfn-lakeformation-permissions-permissionswithgrantoption)" : {{[ String, ... ]}}, "[Resource](#cfn-lakeformation-permissions-resource)" : {{Resource}} } } ``` ### YAML ``` Type: AWS::LakeFormation::Permissions Properties: [DataLakePrincipal](#cfn-lakeformation-permissions-datalakeprincipal): {{ DataLakePrincipal}} [Permissions](#cfn-lakeformation-permissions-permissions): {{ - String}} [PermissionsWithGrantOption](#cfn-lakeformation-permissions-permissionswithgrantoption): {{ - String}} [Resource](#cfn-lakeformation-permissions-resource): {{ Resource}} ``` ## Properties `DataLakePrincipal` The AWS Lake Formation principal. *Required*: Yes *Type*: [DataLakePrincipal](aws-properties-lakeformation-permissions-datalakeprincipal.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Permissions` The permissions granted or revoked. *Required*: No *Type*: Array of String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PermissionsWithGrantOption` Indicates the ability to grant permissions (as a subset of permissions granted). *Required*: No *Type*: Array of String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Resource` A structure for the resource. *Required*: Yes *Type*: [Resource](aws-properties-lakeformation-permissions-resource.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Return values ### Fn::GetAtt #### `Id` A unique identifier for the batch permissions request entry.