Split Datasources - AWS Athena

Issue Summary

I am working with a Redash service hosted on AWS (us-east-1) and connected Athena as a Datasource.
I want to give permissions to users for specific tables (depending on the permissions in my application). Is there a way to do this ? Maybe there is a way to create an Athena datasource configured to a specific dataset/table in Glue

Technical details:

  • Redash Version: 8.0.0
  • Ubuntu machine
  • How did you install Redash: using the AWS AMI [ami-0d915a031cabac0e0] us-east-1

Redash permission are based on group-membership. Data sources belong to groups. Members of those groups can query data sources to which they have access.

If you need table-level permissions you have to use the database itself and coordinate this with your data sources in Redash. I’m not sure how familiar anyone on this forum is with the specifics of Athena permissions. Have you checked their docs?

1 Like

I understand that the Redash permissions are based on groups
I will add the data sources to groups and add the users to the groups accordingly

My question is how can I specify in the Athena data source only a certain table / database
From what I understand this should be enabled from the Schema Name option in the data source configuration, but it did not work for me.

Can you say more about what you entered into the schema name field? What did you expect to happen? What happened instead?

I don’t think that field in the setup serves as a restriction, exactly. It’s there to make querying easier.

I tried setting the database name, the table name, combination of them both
but with all i got the same result - I have access to all the tables in AWS Glue. I want to have a Redash data source for each table I have in Glue

For this you need to have many IAM users: each with permission to view one table. Then you will create a data source in Redash for each IAM user. This is what I referred to when I wrote above:

If you need table-level permissions you have to use the database itself and coordinate this with your data sources in Redash.

1 Like

Hi,
You need to create separate workgroups in Athena itself for this and attach each workgroup to a user. Give permissions on iam level to users so they will have access to only some tables and database in glue catalog and specifying workgroups will help separate out business usecases and also scan costs in athena.

3 Likes

@Shitij is exactly right.