# GrantPermissions
<a name="API_GrantPermissions"></a>

Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

For information about permissions, see [Security and Access Control to Metadata and Data](https://docs.aws.amazon.com/lake-formation/latest/dg/security-data-access.html).

## Request Syntax
<a name="API_GrantPermissions_RequestSyntax"></a>

```
POST /GrantPermissions HTTP/1.1
Content-type: application/json

{
   "CatalogId": "string",
   "Condition": { 
      "Expression": "string"
   },
   "Permissions": [ "string" ],
   "PermissionsWithGrantOption": [ "string" ],
   "Principal": { 
      "DataLakePrincipalIdentifier": "string"
   },
   "Resource": { 
      "Catalog": { 
         "Id": "string"
      },
      "Database": { 
         "CatalogId": "string",
         "Name": "string"
      },
      "DataCellsFilter": { 
         "DatabaseName": "string",
         "Name": "string",
         "TableCatalogId": "string",
         "TableName": "string"
      },
      "DataLocation": { 
         "CatalogId": "string",
         "ResourceArn": "string"
      },
      "LFTag": { 
         "CatalogId": "string",
         "TagKey": "string",
         "TagValues": [ "string" ]
      },
      "LFTagExpression": { 
         "CatalogId": "string",
         "Name": "string"
      },
      "LFTagPolicy": { 
         "CatalogId": "string",
         "Expression": [ 
            { 
               "TagKey": "string",
               "TagValues": [ "string" ]
            }
         ],
         "ExpressionName": "string",
         "ResourceType": "string"
      },
      "Table": { 
         "CatalogId": "string",
         "DatabaseName": "string",
         "Name": "string",
         "TableWildcard": { 
         }
      },
      "TableWithColumns": { 
         "CatalogId": "string",
         "ColumnNames": [ "string" ],
         "ColumnWildcard": { 
            "ExcludedColumnNames": [ "string" ]
         },
         "DatabaseName": "string",
         "Name": "string"
      }
   }
}
```

## URI Request Parameters
<a name="API_GrantPermissions_RequestParameters"></a>

The request does not use any URI parameters.

## Request Body
<a name="API_GrantPermissions_RequestBody"></a>

The request accepts the following data in JSON format.

 ** [CatalogId](#API_GrantPermissions_RequestSyntax) **   <a name="lakeformation-GrantPermissions-request-CatalogId"></a>
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.   
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 255.  
Pattern: `[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDC00-\uDBFF\uDFFF\t]*`   
Required: No

 ** [Condition](#API_GrantPermissions_RequestSyntax) **   <a name="lakeformation-GrantPermissions-request-Condition"></a>
A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.  
Type: [Condition](API_Condition.md) object  
Required: No

 ** [Permissions](#API_GrantPermissions_RequestSyntax) **   <a name="lakeformation-GrantPermissions-request-Permissions"></a>
The permissions granted to the principal on the resource. AWS Lake Formation defines privileges to grant and revoke access to metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Lake Formation requires that each principal be authorized to perform a specific task on Lake Formation resources.   
Type: Array of strings  
Valid Values: `ALL | SELECT | ALTER | DROP | DELETE | INSERT | DESCRIBE | CREATE_DATABASE | CREATE_TABLE | DATA_LOCATION_ACCESS | CREATE_LF_TAG | ASSOCIATE | GRANT_WITH_LF_TAG_EXPRESSION | CREATE_LF_TAG_EXPRESSION | CREATE_CATALOG | SUPER_USER`   
Required: Yes

 ** [PermissionsWithGrantOption](#API_GrantPermissions_RequestSyntax) **   <a name="lakeformation-GrantPermissions-request-PermissionsWithGrantOption"></a>
Indicates a list of the granted permissions that the principal may pass to other users. These permissions may only be a subset of the permissions granted in the `Privileges`.  
Type: Array of strings  
Valid Values: `ALL | SELECT | ALTER | DROP | DELETE | INSERT | DESCRIBE | CREATE_DATABASE | CREATE_TABLE | DATA_LOCATION_ACCESS | CREATE_LF_TAG | ASSOCIATE | GRANT_WITH_LF_TAG_EXPRESSION | CREATE_LF_TAG_EXPRESSION | CREATE_CATALOG | SUPER_USER`   
Required: No

 ** [Principal](#API_GrantPermissions_RequestSyntax) **   <a name="lakeformation-GrantPermissions-request-Principal"></a>
The principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles, and they are defined by their principal type and their ARN.  
Note that if you define a resource with a particular ARN, then later delete, and recreate a resource with that same ARN, the resource maintains the permissions already granted.   
Type: [DataLakePrincipal](API_DataLakePrincipal.md) object  
Required: Yes

 ** [Resource](#API_GrantPermissions_RequestSyntax) **   <a name="lakeformation-GrantPermissions-request-Resource"></a>
The resource to which permissions are to be granted. Resources in AWS Lake Formation are the Data Catalog, databases, and tables.  
Type: [Resource](API_Resource.md) object  
Required: Yes

## Response Syntax
<a name="API_GrantPermissions_ResponseSyntax"></a>

```
HTTP/1.1 200
```

## Response Elements
<a name="API_GrantPermissions_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors
<a name="API_GrantPermissions_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** ConcurrentModificationException **   
Two processes are trying to modify a resource simultaneously.    
 ** Message **   
A message describing the problem.
HTTP Status Code: 400

 ** EntityNotFoundException **   
A specified entity does not exist.    
 ** Message **   
A message describing the problem.
HTTP Status Code: 400

 ** InvalidInputException **   
The input provided was not valid.    
 ** Message **   
A message describing the problem.
HTTP Status Code: 400

## See Also
<a name="API_GrantPermissions_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/lakeformation-2017-03-31/GrantPermissions) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/lakeformation-2017-03-31/GrantPermissions) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/lakeformation-2017-03-31/GrantPermissions) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/lakeformation-2017-03-31/GrantPermissions) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/lakeformation-2017-03-31/GrantPermissions) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/lakeformation-2017-03-31/GrantPermissions) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/lakeformation-2017-03-31/GrantPermissions) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/lakeformation-2017-03-31/GrantPermissions) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/lakeformation-2017-03-31/GrantPermissions) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/lakeformation-2017-03-31/GrantPermissions)