Identity Policy Examples for Database Permissions


Example 1: Provide full access to a specific bucket / database

In VAST DB, full access to a specific database requires permissions for both bucket-level operations and object-level operations.

In the Identity Policy, the Resource element of a statement takes one of two forms:

"Resource": ["vastdb-bucket/*"] - grants permissions for all object-level operations (the schemas and tables under the bucket)

"Resource": ["vastdb-bucket"] - grants permissions for bucket-level operations (such as listing schemas)

Listing both resources in the same statement grants permissions on the bucket itself and on the objects in it. The two resources must be separate entries in the Resource array; a single comma-separated string is one literal resource name, not two, and would match neither the bucket nor its objects:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Full_Access_My_Bucket",
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": ["my_bucket", "my_bucket/*"]
    }
  ]
}
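To make the bucket-level / object-level distinction concrete, and to show why the Resource entries must be separate strings, here is a small IAM-style policy evaluator with a linter for the two authoring mistakes seen most often in hand-written policies. This is an added example written for this page, not VAST's policy engine or any VAST tooling; it assumes AWS-style semantics (glob matching with `*`, default deny, explicit Deny overrides Allow). The action name `s3:TabularListSchemas` used for the bucket-level check is an assumed placeholder for "list schemas", not an action name taken from the page; the policies other than the page's Examples 1 and 2 are constructed for the demonstration.

```python
"""Simplified IAM-style policy evaluator (added example, not VAST's engine).

Assumptions (not from the page):
  * Actions and resources match with glob-style '*' wildcards, as in AWS IAM.
  * Default decision is deny; an explicit Deny overrides any Allow.
  * Bucket-level operations are evaluated against the bare bucket name
    ("my_bucket"); object-level operations against "my_bucket/<schema>/<table>".
  * "s3:TabularListSchemas" is a placeholder name for the bucket-level
    "list schemas" operation.
"""
import fnmatch

# Example 1 from the page as originally written: one string, not two resources.
BUGGY_FULL_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "Full_Access_My_Bucket", "Effect": "Allow",
                   "Action": "s3:*", "Resource": ["my_bucket, my_bucket/*"]}],
}
# Example 1 corrected: bucket and object resources as separate entries.
FIXED_FULL_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "Full_Access_My_Bucket", "Effect": "Allow",
                   "Action": "s3:*", "Resource": ["my_bucket", "my_bucket/*"]}],
}
# Example 2 from the page: read-only (list + query) on one schema.
READ_ONLY_SCHEMA = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "List_Schema", "Effect": "Allow",
         "Action": "s3:TabularList*", "Resource": ["my_bucket/my_schema/*"]},
        {"Sid": "Query_Schema", "Effect": "Allow",
         "Action": "s3:TabularQueryData*", "Resource": ["my_bucket/my_schema/*"]},
    ],
}
# Constructed: a broad Allow narrowed by an explicit Deny on row deletion.
NO_DELETE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "All_Tabular", "Effect": "Allow",
         "Action": "s3:Tabular*", "Resource": "*"},
        {"Sid": "Never_Delete", "Effect": "Deny",
         "Action": "s3:TabularDeleteRows", "Resource": "*"},
    ],
}


def _as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)


def _matches(patterns, candidate):
    """Glob match; '*' also spans '/', so 'b/*' covers 'b/schema/table'."""
    return any(fnmatch.fnmatchcase(candidate, p) for p in patterns)


def evaluate(policy, action, resource):
    """Return True if `policy` allows `action` on `resource`, else False."""
    allowed = False
    for stmt in policy["Statement"]:
        if not _matches(_as_list(stmt["Action"]), action):
            continue
        if not _matches(_as_list(stmt["Resource"]), resource):
            continue
        if stmt["Effect"] == "Deny":
            return False          # an explicit Deny wins over every Allow
        allowed = True            # matching Allow; keep looking for a Deny
    return allowed


def lint(policy):
    """Flag authoring mistakes that silently change what a policy grants."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        sid = stmt.get("Sid", "")
        if sid != sid.strip():
            findings.append(f"statement {i}: Sid has leading/trailing whitespace")
        resources = _as_list(stmt["Resource"])
        for res in resources:
            if "," in res:
                findings.append(f"statement {i}: resource {res!r} contains a comma; "
                                "use separate list entries")
        if "*" in resources and any(a in ("*", "s3:*") for a in _as_list(stmt["Action"])):
            findings.append(f"statement {i}: every action on every resource")
    return findings


if __name__ == "__main__":
    obj = "my_bucket/my_schema/my_table"
    print("buggy  list schemas:", evaluate(BUGGY_FULL_ACCESS, "s3:TabularListSchemas", "my_bucket"))
    print("fixed  list schemas:", evaluate(FIXED_FULL_ACCESS, "s3:TabularListSchemas", "my_bucket"))
    print("fixed  query table :", evaluate(FIXED_FULL_ACCESS, "s3:TabularQueryData", obj))
    print("readonly delete    :", evaluate(READ_ONLY_SCHEMA, "s3:TabularDeleteRows", obj))
    print("lint(buggy)        :", lint(BUGGY_FULL_ACCESS))
```

Run it as a script to see the buggy Example 1 grant nothing at all, while the corrected one allows both the bucket-level listing and object-level operations. The `lint` pass is worth running over any policy before it is attached to an identity: a comma inside a resource string or stray whitespace in a Sid is easy to miss by eye and, in the resource case, turns an intended full-access grant into one that matches nothing.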

Example 2: VAST DB Read-Only

This example grants read-only permissions (list and query) on every table under a specific schema:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Read_Only_All_Tabular_Resources_Under_Specific_Schema",
      "Effect": "Allow",
      "Action": "s3:TabularList*",
      "Resource":  ["my_bucket/my_schema/*"]
    },
    {
      "Sid": "Allow_Query_Data",
      "Effect": "Allow",
      "Action": "s3:TabularQueryData*",
      "Resource":  ["my_bucket/my_schema/*"]
    }
     ]
}

Example 3: Full access for all Tabular operations on all buckets

This example grants every Tabular operation on all resources. The Resource "*" matches both bucket-level and object-level resources, so it covers every bucket and everything under it.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Read_Write_All_DB",
            "Effect": "Allow",
            "Action": "s3:Tabular*",
            "Resource":  ["*"]
        }

    ]
}

Example 4: VAST DB modify schema

This example grants all Tabular operations (read and write) on everything under a specific schema in the database.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Read_Write_All_DB",
            "Effect": "Allow",
            "Action": "s3:Tabular*",
            "Resource":  ["my_bucket/my_schema/*"]
        }

    ]
}

Example 5: VAST DB + S3 Read/Write, full access to all buckets

This example grants every S3 action, Tabular actions included, on all buckets and all objects in them. It is the broadest policy on this page; reserve it for administrative identities.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Read_Write_All",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource":  ["*"]
        }

    ]
}

Example 6: List tables and columns of a specific database table

This example grants permission to list the tables and columns of one specific table in a schema. Resource is given here as a single string rather than a one-element array; both forms are accepted.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:TabularListTables",
      "Resource": "my_bucket/my_schema/my_table"
    },
    {
      "Effect": "Allow",
      "Action": "s3:TabularListColumns",
      "Resource": "my_bucket/my_schema/my_table"
    }
  ]
}

Example 7: Delete table rows

This example grants the permissions needed to delete rows from a specific database table: querying the table to locate the rows, listing its columns, and the delete operation itself.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Allow_Query",
            "Effect": "Allow",
            "Action": "s3:TabularQueryData",
            "Resource": ["my_bucket/my_schema/my_table"]
        },
        {
            "Sid": "Allow_Delete_Row",
            "Effect": "Allow",
            "Action": "s3:TabularDeleteRows",
            "Resource": ["my_bucket/my_schema/my_table"]
        },
        {
            "Sid": "Allow_List_Columns",
            "Effect": "Allow",
            "Action": "s3:TabularListColumns",
            "Resource": ["my_bucket/my_schema/my_table"]
        }
    ]
}