While providing Dataset Level Access for a domain to users and groups, it is not providing the access. It is providing part of the datasets inside that domain before the error occurs. But it's not reverting back to these permissions when the error happens.
Affected Versions: 1.13, 1.14, 2.0, 2.1, 2.1.1
Fix Version: 2.2
Root cause(s)
Providing Dataset Level Access is failing if there is a non-registered Lakeformation dataset. If a LF dataset is not registered, it won't have tables created in Lakeformation. While trying to provide access to a non-existing table, it gives this error: An error occurred (InvalidInputException) when calling the GrantPermissions operation: Table not found.
Impact
- Users will not get Dataset Level Access on Domains
- Dataset Permissions mismatch between redshift and dynamodb
Mitigation
Make sure only 'RegistrationStatus' completed LF datasets are considered for Dataset Level Access.
Timeline
- 2023-04-26: Bug reported/identified (CLOUD-3209)
- 2023-04-26: Bug triaged
- 2023-05-11: Bug fixed