Cloud Read/Write Permissions

    This page outlines the required read and write permissions when copying data to or from external cloud providers.

    Exclusive permissions are required when reading from cloud storage using External Collections or writing to cloud storage using COPY TO statements.

    AWS Simple Storage Service (S3)

    Read Permissions

    Read permissions are needed when reading from cloud storage using External Collections. To grant the required permissions, follow these steps:

    First, create a policy that has the desired permissions:

    1. Go to the AWS Console.

    2. From the Dashboard, select IAM.

    3. Select Policies.

    4. Select Create Policy.

    5. In the Policy Editor, select JSON.

    6. Paste the following policy:

      • s3:ListBucket permission

      • s3:GetObject permission

        {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": [
                        "s3:GetObject"
                    ],
                    "Resource": "arn:aws:s3:::your-bucket-name/*"
                },
                {
                    "Effect": "Allow",
                    "Action": "s3:ListBucket",
                    "Resource": "arn:aws:s3:::your-bucket-name"
                }
            ]
        }

    7. Give the policy a name and create the policy.

    8. Attach the policy to the desired IAM User or Role.

      Attaching the policy grants the permissions it lists on the resources it names.

    Read and Write Permissions

    Read and write permissions are needed when writing to cloud storage using COPY TO statements.

    1. Go to the AWS Console.

    2. From the Dashboard, select IAM.

    3. Select Policies.

    4. Select Create Policy.

    5. In the Policy Editor, select JSON.

    6. Paste the following policy:

      • s3:ListBucket permission

      • s3:GetObject permission

      • s3:PutObject permission

      • s3:DeleteObject permission

        {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": [
                        "s3:GetObject",
                        "s3:PutObject",
                        "s3:DeleteObject"
                    ],
                    "Resource": "arn:aws:s3:::your-bucket-name/*"
                },
                {
                    "Effect": "Allow",
                    "Action": "s3:ListBucket",
                    "Resource": "arn:aws:s3:::your-bucket-name"
                }
            ]
        }

    You have granted all necessary permissions.
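
    A check to run on a policy document before attaching it, as an added example (not part of the original page or of the product's tooling). It compares the document with the actions listed in the two policies above and flags actions bound to the wrong ARN form, since s3:ListBucket applies to the bucket ARN and the object actions to your-bucket-name/*. The function name check_policy, the mode names read and read_write, and the sample policy are assumptions made for illustration; Deny statements and conditions are not evaluated.

```python
import json

# Actions from the page's two policies, keyed by the resource form each must target.
REQUIRED = {
    "read": {"object": {"s3:GetObject"}, "bucket": {"s3:ListBucket"}},
    "read_write": {"object": {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"},
                   "bucket": {"s3:ListBucket"}},
}

def as_list(value):
    """IAM accepts a single value or a list for Action, Resource and Statement."""
    return value if isinstance(value, list) else [value]

def check_policy(policy_json, bucket, mode):
    """Return sorted findings; an empty list means the Allow statements match the page's policy."""
    targets = {"object": f"arn:aws:s3:::{bucket}/*", "bucket": f"arn:aws:s3:::{bucket}"}
    needed = REQUIRED[mode]
    granted = {"object": set(), "bucket": set()}
    findings = []
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            for resource in as_list(stmt.get("Resource", [])):
                kind = next((k for k, arn in targets.items() if arn == resource), None)
                if "*" in action:
                    findings.append(f"wildcard action {action} on {resource}")
                elif kind is None:
                    findings.append(f"{action} on unexpected resource {resource}")
                elif action in needed[kind]:
                    granted[kind].add(action)
                elif action in needed["object"] | needed["bucket"]:
                    findings.append(f"{action} on wrong resource form {resource}")
                else:
                    findings.append(f"{action} is not needed for {mode}")
    for kind in needed:
        for action in needed[kind] - granted[kind]:
            findings.append(f"missing {action} on {targets[kind]}")
    return sorted(findings)

# Constructed sample: both actions attached to the object ARN, so listing is not granted.
MISPLACED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": "arn:aws:s3:::your-bucket-name/*"}]})

if __name__ == "__main__":
    for finding in check_policy(MISPLACED, "your-bucket-name", "read"):
        print(finding)
```

    Running the read-write policy through the read mode reports s3:PutObject and s3:DeleteObject as unneeded, which is a quick way to confirm that an identity used only for External Collections was not given the COPY TO policy.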

    Microsoft Azure Blob Storage

    To grant the required permissions for using the resources in Azure Blob Storage, select the desired role:

    • Storage Blob Data Reader grants read-only permissions. This allows reading blobs only. For more information, see Storage Blob Data Reader role.

    • Storage Blob Data Contributor grants read/write permissions. This allows reading, writing, or deleting blobs. For more information, see Storage Blob Data Contributor role.

    For more information about assigning permissions, see the Microsoft Azure documentation.