Package software.amazon.awscdk.services.dynamodb

Class TableGrants

java.lang.Object

software.amazon.jsii.JsiiObject

software.amazon.awscdk.services.dynamodb.TableGrants

All Implemented Interfaces:

software.amazon.jsii.JsiiSerializable

@Generated(value="jsii-pacmak/1.127.0 (build 2117ad5)",
           date="2026-04-02T21:55:08.828Z")
@Stability(Stable)
public class TableGrants
extends software.amazon.jsii.JsiiObject

A set of permissions to grant on a Table.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.dynamodb.*;
 import software.amazon.awscdk.services.iam.*;
 import software.amazon.awscdk.interfaces.dynamodb.*;
 IEncryptedResource encryptedResource;
 IResourceWithPolicyV2 resourceWithPolicyV2;
 ITableRef tableRef;
 TableGrants tableGrants = TableGrants.Builder.create()
         .table(tableRef)
         // the properties below are optional
         .encryptedResource(encryptedResource)
         .hasIndex(false)
         .policyResource(resourceWithPolicyV2)
         .regions(List.of("regions"))
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	TableGrants.Builder	A fluent builder for TableGrants.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Constructor Summary

Constructors

Modifier	Constructor	Description
	TableGrants(TableGrantsProps props)
protected	TableGrants(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	TableGrants(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method	Description
Grant	actions(IGrantable grantee, String... actions)	Adds an IAM policy statement associated with this table to an IAM principal's policy.
static TableGrants	fromTable(ITableRef table)	Creates a TableGrants object for a given table.
static TableGrants	fromTable(ITableRef table, List<String> regions)	Creates a TableGrants object for a given table.
static TableGrants	fromTable(ITableRef table, List<String> regions, Boolean hasIndex)	Creates a TableGrants object for a given table.
Grant	fullAccess(IGrantable grantee)	Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.
void	multiAccountReplicationFrom(String sourceReplicaArn)	Grants permissions for this table to act as a destination for multi-account global table replication.
void	multiAccountReplicationTo(String destinationReplicaArn)	Grants permissions for this table to act as a source for multi-account global table replication.
Grant	readData(IGrantable grantee)	Permits an IAM principal all data read operations from this table: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.
Grant	readWriteData(IGrantable grantee)	Permits an IAM principal to all data read/write operations to this table.
Grant	writeData(IGrantable grantee)	Permits an IAM principal all data write operations to this table: BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Constructor Details

TableGrants

protected TableGrants(software.amazon.jsii.JsiiObjectRef objRef)

TableGrants

protected TableGrants(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

TableGrants

@Stability(Stable)
public TableGrants(@NotNull
 TableGrantsProps props)

Parameters:

props - This parameter is required.

Method Details

fromTable

@Stability(Stable)
@NotNull
public static TableGrants fromTable(@NotNull
 ITableRef table,
 @Nullable
 List<String> regions,
 @Nullable
 Boolean hasIndex)

Creates a TableGrants object for a given table.

Parameters:

table - This parameter is required.

regions -

hasIndex -

fromTable

@Stability(Stable)
@NotNull
public static TableGrants fromTable(@NotNull
 ITableRef table,
 @Nullable
 List<String> regions)

Creates a TableGrants object for a given table.

Parameters:

table - This parameter is required.

regions -

fromTable

@Stability(Stable)
@NotNull
public static TableGrants fromTable(@NotNull
 ITableRef table)

Creates a TableGrants object for a given table.

Parameters:

table - This parameter is required.

actions

@Stability(Stable)
@NotNull
public Grant actions(@NotNull
 IGrantable grantee,
 @NotNull
 String... actions)

Adds an IAM policy statement associated with this table to an IAM principal's policy.

If encryptionKey is present, appropriate grants to the key needs to be added separately using the table.encryptionKey.grant* methods.

Parameters:

grantee - The principal (no-op if undefined). This parameter is required.

actions - The set of actions to allow (i.e. "dynamodb:PutItem", "dynamodb:GetItem", ...). This parameter is required.

fullAccess

@Stability(Stable)
@NotNull
public Grant fullAccess(@NotNull
 IGrantable grantee)

Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

Parameters:

grantee - The principal to grant access to. This parameter is required.

multiAccountReplicationFrom

@Stability(Stable)
public void multiAccountReplicationFrom(@NotNull
 String sourceReplicaArn)

Grants permissions for this table to act as a destination for multi-account global table replication.

Parameters:

sourceReplicaArn - The ARN of the source replica table in the other account. This parameter is required.

multiAccountReplicationTo

@Stability(Stable)
public void multiAccountReplicationTo(@NotNull
 String destinationReplicaArn)

Grants permissions for this table to act as a source for multi-account global table replication.

Parameters:

destinationReplicaArn - The ARN of the destination replica table in the other account. This parameter is required.

readData

@Stability(Stable)
@NotNull
public Grant readData(@NotNull
 IGrantable grantee)

Permits an IAM principal all data read operations from this table: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

Parameters:

grantee - The principal to grant access to. This parameter is required.

readWriteData

@Stability(Stable)
@NotNull
public Grant readWriteData(@NotNull
 IGrantable grantee)

Permits an IAM principal to all data read/write operations to this table.

BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

Parameters:

grantee - The principal to grant access to. This parameter is required.

writeData

@Stability(Stable)
@NotNull
public Grant writeData(@NotNull
 IGrantable grantee)

Permits an IAM principal all data write operations to this table: BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

Parameters:

grantee - The principal to grant access to. This parameter is required.