- Newest
- Most votes
- Most comments
Hello,
I understand that you are getting below mentioned error while querying one of FDV tables via Query Editor.
Error: SQL Error [XX000]: ERROR: Datasharing Error: Unauthorized
Detail: |
---|
error: Datasharing Error: Unauthorized |
code: 16000 |
context: |
query: 0 |
location: redcat_client_api.cpp:873 |
process: padbmaster [pid=1073840395] |
----------------------------------------------- |
While you are able to query same tables via Athena directly.
I would like to inform you that the above mentioned error can occur due to one of the following reasons.
1.) You may not have granted permissions to resource links [1]. Please review the documentation and follow the detailed steps to grant the necessary permissions.
Steps to grant permissions: • Under the Data Locations tab in Lake Formation console, Select Resource Link table you created in the previous steps and click on Grant under Permissions in Actions Dropdown. • Select your IAM user or role • Select your intended Database and table • Select Describe permission under Resource link permissions and click on Grant button • Now that you gave Describe permission to Resource link, we now need to give the user Select to the Target table pointing to the resource link • Click on same Resource link table you created in the previous steps, but this time click on Grant on target under Permissions in Action Dropdown. • Select the same role • Select a target table • Select under Table permissions, leave All data access under Data permissions and click on *Grant button
Once you have done the above, you should now be able to query the table from Redshift.
2.) You have not granted access for the underlying data of a shared table.
Please ensure that you have followed the steps of the below referenced document. [2]
3.) You have not provisioned appropriate permissions for your spectrum role.
Please ensure that you have created a spectrum role with the appropriate permissions by following the document referenced here. [3]
References:
[1] https://catalog.us-east-1.prod.workshops.aws/workshops/78572df7-d2ee-4f78-b698-7cafdb55135d/en-US/lakeformation-basics/cross-account-data-mesh/grant-permissions-to-resource-links [2] Accessing the underlying data of a shared table - https://docs.aws.amazon.com/lake-formation/latest/dg/cross-account-read-data.html [3] Create an IAM role for Amazon Redshift - https://docs.aws.amazon.com/redshift/latest/dg/c-getting-started-using-spectrum-create-role.html
That being said, if you would like resource based troubleshooting, please raise a support case with AWS for further information and we will get back to you with on the support case.
Thank you!
Relevant content
- asked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 2 months ago