Package software.amazon.awscdk.services.dynamodb

Class TableGrants

java.lang.Object
software.amazon.jsii.JsiiObject
software.amazon.awscdk.services.dynamodb.TableGrants
All Implemented Interfaces:
software.amazon.jsii.JsiiSerializable
@Generated(value="jsii-pacmak/1.119.0 (build 1634eac)", date="2025-11-20T23:37:18.560Z") @Stability(Stable) public class TableGrants extends software.amazon.jsii.JsiiObject
A set of permissions to grant on a Table.

Example: 

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.dynamodb.*;
 import software.amazon.awscdk.services.iam.*;
 import software.amazon.awscdk.interfaces.dynamodb.*;
 IEncryptedResource encryptedResource;
 IResourceWithPolicyV2 resourceWithPolicyV2;
 ITableRef tableRef;
 TableGrants tableGrants = TableGrants.Builder.create()
         .table(tableRef)
         // the properties below are optional
         .encryptedResource(encryptedResource)
         .hasIndex(false)
         .policyResource(resourceWithPolicyV2)
         .regions(List.of("regions"))
         .build();

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    static final class 
    TableGrants.Builder
    A fluent builder for TableGrants.

    Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

    software.amazon.jsii.JsiiObject.InitializationMode

  • Constructor Summary

    Constructors
    Modifier
    Constructor
    Description
     
    TableGrants(TableGrantsProps props)
     
    protected
    TableGrants(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
     
    protected
    TableGrants(software.amazon.jsii.JsiiObjectRef objRef)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    Grant
    actions(IGrantable grantee, String... actions)
    Adds an IAM policy statement associated with this table to an IAM principal's policy.
    Grant
    fullAccess(IGrantable grantee)
    Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.
    Grant
    readData(IGrantable grantee)
    Permits an IAM principal all data read operations from this table: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.
    Grant
    readWriteData(IGrantable grantee)
    Permits an IAM principal to all data read/write operations to this table.
    Grant
    writeData(IGrantable grantee)
    Permits an IAM principal all data write operations to this table: BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.

    Methods inherited from class software.amazon.jsii.JsiiObject

    jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface software.amazon.jsii.JsiiSerializable

    $jsii$toJson

  • Constructor Details

    • TableGrants

      protected TableGrants(software.amazon.jsii.JsiiObjectRef objRef)

    • TableGrants

      protected TableGrants(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • TableGrants

      @Stability(Stable) public TableGrants(@NotNull TableGrantsProps props)
      Parameters:
      props - This parameter is required.

  • Method Details

    • actions

      @Stability(Stable) @NotNull public Grant actions(@NotNull IGrantable grantee, @NotNull String... actions)
      Adds an IAM policy statement associated with this table to an IAM principal's policy.

      If encryptionKey is present, appropriate grants to the key needs to be added separately using the table.encryptionKey.grant* methods.

      Parameters:
      grantee - The principal (no-op if undefined). This parameter is required.
      actions - The set of actions to allow (i.e. "dynamodb:PutItem", "dynamodb:GetItem", ...). This parameter is required.

    • fullAccess

      @Stability(Stable) @NotNull public Grant fullAccess(@NotNull IGrantable grantee)
      Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.

      Appropriate grants will also be added to the customer-managed KMS key if one was configured.

      Parameters:
      grantee - The principal to grant access to. This parameter is required.

    • readData

      @Stability(Stable) @NotNull public Grant readData(@NotNull IGrantable grantee)
      Permits an IAM principal all data read operations from this table: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.

      Appropriate grants will also be added to the customer-managed KMS key if one was configured.

      Parameters:
      grantee - The principal to grant access to. This parameter is required.

    • readWriteData

      @Stability(Stable) @NotNull public Grant readWriteData(@NotNull IGrantable grantee)
      Permits an IAM principal to all data read/write operations to this table.

      BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable

      Appropriate grants will also be added to the customer-managed KMS key if one was configured.

      Parameters:
      grantee - The principal to grant access to. This parameter is required.

    • writeData

      @Stability(Stable) @NotNull public Grant writeData(@NotNull IGrantable grantee)
      Permits an IAM principal all data write operations to this table: BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.

      Appropriate grants will also be added to the customer-managed KMS key if one was configured.

      Parameters:
      grantee - The principal to grant access to. This parameter is required.