Map Okera Access Permissions¶
To Amazon S3 Actions¶
The following table maps Okera access permissions to Amazon S3 actions.
Okera Access |
Supported Amazon S3 Actions |
Notes |
|---|---|---|
ALL |
All of the actions below | User can perform any of the supported Amazon S3 actions for objects/paths under the URI. |
SELECT |
GetObjectHeadObjectCopyObjectPutObject |
User can read files, folders, and buckets. Read access is provided for the source when a copy action is requested (CopyObject and putObject). Note: Verify the correct privileges have been assigned to perform Amazon S3 actions for the URI. For example, if you intend to use a URI to create an external table, be sure that you have SELECT privileges, otherwise, the attempt to create the table will fail. See Access Levels. |
INSERT |
CompleteMultipartUploadUploadPartAbortMultipartUploadCopyObjectPutObject |
User can write to files, folders, and buckets. Write access is also provided for the destination when a copy action is requested (CopyObject and putObject). |
SHOW |
GetBucketLocationHeadBucketListObjectsListObjectsV2 |
User can perform metadata retrieval for files, folders, and buckets. |
DELETE |
DeleteObject |
User can delete files. |
To AWS CLI Commands¶
The following table maps AWS CLI commands to Okera permissions.
CLI Command |
Okera Permissions |
Equivalent Amazon S3 Actions |
|---|---|---|
aws s3 sync pathA pathB |
SELECT pathAINSERT pathBSHOW pathB |
CopyObjectCopyObjectHeadObject |
aws s3 cp pathA pathB |
SELECT pathAINSERT pathB |
CopyObjectCopyObject |
aws s3 mv pathA pathB |
SELECT pathAINSERT pathBSELECT pathADELETE pathA |
HeadObjectCopyObjectCopyObjectDeleteObject |
aws s3api copy-object pathA pathB |
SELECT copy-sourceINSERT key |
CopyObjectCopyObject |
aws s3 is pathA |
SHOW pathA |
ListObjects |
aws s3api create-multipart-upload |
INSERT key |
CreateMultipartUpload |
aws s3api complete-multipart-upload |
INSERT key |
CompleteMultipartUpload |
aws s3api abort-multipart-upload |
INSERT key |
AbortMultipartUpload |
aws s3api head-bucket --bucket pathA |
SHOW bucket |
HeadBucket |
aws s3api head-object --bucket bucketA --key pathA |
SHOW and SELECT pathA |
HeadObject |
aws s3api list-buckets |
SHOW |
ListBuckets |
aws s3api list-multipart-uploads |
SHOW |
ListMultipartUploads |
aws s3api list-objects-v2 |
SHOW |
ListObjectsV2 |
aws s3api list-parts --key pathA |
INSERT pathA |
ListParts |
aws s3api upload-part --key pathA |
INSERT pathA |
UploadPart |
aws s3api upload-part-copy --copy-source pathA |
SELECT on pathA |
UploadPartCopy |
aws s3api upload-part-copy --key pathA |
INSERT pathA |
UploadPartCopy |
aws s3api delete-object |
DELETE |
DeleteObject |
To Spark Actions¶
The following table maps Spark actions to Okera access permissions. Equivalent Amazon S3 actions are provided.
Spark Actions |
Okera Permissions |
Equivalent S3 Actions |
|---|---|---|
spark.write.* |
INSERTSELECTDELETESHOW |
CopyObjectDeleteObjectGetObjectHeadObjectListBucket |
spark.read.* |
SHOWSELECT |
HeadObjectGetObject |