cloudformation-coverage-roadmap
AWS::LakeFormation::PrincipalPermissions DataCellsFilterResource missing properties
Name of the resource
Other
Resource Name
AWS::LakeFormation::PrincipalPermissions
Issue Description
DataCellsFilterResource struct in CloudFormation has the following properties:
{
  "DatabaseName" : String,
  "Name" : String,
  "TableCatalogId" : String,
  "TableName" : String
}
The issue is that there is no property to specify a row filter expression. I think there should be a property that recognizes this format: PartiQL support in row filter expressions.
Also, the ColumnNames and ColumnWildcard properties from TableWithColumnsResource are missing, because cell filtering is when you include or exclude specific columns and also provide a row filter expression. Source: Data filters
Expected Behavior
- A row filter property in DataCellsFilterResource struct that supports PartiQL format.
- ColumnNames and ColumnWildcard from TableWithColumnsResource are also missing in DataCellsFilterResource.
With these three properties we would be able to establish cell-level security (cell filtering).
Useful documentation about Data filters that states the following:
The level of filtering that you get depends on how you populate the data filter.
- When you specify the "all columns" wildcard and provide a row filter expression, you are establishing row-level security (row filtering) only.
- When you include or exclude specific columns and specify "all rows" using the all-rows wildcard, you are establishing column-level security (column filtering) only.
- When you include or exclude specific columns and also provide a row filter expression, you are establishing cell-level security (cell filtering).
According to the above we could also be missing a RowFilterResource in CloudFormation.
Observed Behavior
Missing properties in DataCellsFilterResource struct.
Test Cases
Test row filtering and cell filtering.
Other Details
No response
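
The three filtering levels quoted from the Data filters documentation above can be checked mechanically when reviewing filter definitions. The following is an added example, not part of the original issue or of any AWS code: field names follow the Lake Formation DataCellsFilter API structure, while the function names, the strict validation, the "unrestricted" label and the sample filters are assumptions made for this illustration.

```python
# Added example. Field names follow the Lake Formation DataCellsFilter API
# structure; the sample filters below are constructed for illustration.

def classify_data_filter(f):
    """Return 'row', 'column', 'cell' or 'unrestricted' for one filter definition."""
    row = f.get("RowFilter") or {}
    expr = (row.get("FilterExpression") or "").strip()
    all_rows = "AllRowsWildcard" in row
    # Strictness chosen by this example: exactly one row selector must be set.
    if bool(expr) == all_rows:
        raise ValueError(f"{f.get('Name')}: need FilterExpression or AllRowsWildcard")

    names = f.get("ColumnNames") or []
    wildcard = f.get("ColumnWildcard")
    # Same strictness for columns: an include list or a wildcard, never both.
    if bool(names) == (wildcard is not None):
        raise ValueError(f"{f.get('Name')}: need ColumnNames or ColumnWildcard")
    excluded = (wildcard or {}).get("ExcludedColumnNames") or []

    limits_rows = bool(expr)                       # a row filter expression is present
    limits_columns = bool(names) or bool(excluded)  # columns included or excluded
    if limits_rows and limits_columns:
        return "cell"
    if limits_rows:
        return "row"
    if limits_columns:
        return "column"
    return "unrestricted"  # all columns and all rows: the filter hides nothing


def audit(filters):
    """Map filter name -> level, so unrestricted filters stand out in review."""
    return {f["Name"]: classify_data_filter(f) for f in filters}


SAMPLE_FILTERS = [  # constructed sample definitions
    {"Name": "eu_rows", "RowFilter": {"FilterExpression": "region = 'EU'"},
     "ColumnWildcard": {}},
    {"Name": "no_pii", "RowFilter": {"AllRowsWildcard": {}},
     "ColumnWildcard": {"ExcludedColumnNames": ["ssn", "email"]}},
    {"Name": "eu_no_pii", "RowFilter": {"FilterExpression": "region = 'EU'"},
     "ColumnNames": ["order_id", "total"]},
    {"Name": "wide_open", "RowFilter": {"AllRowsWildcard": {}},
     "ColumnWildcard": {}},
]

if __name__ == "__main__":
    for name, level in audit(SAMPLE_FILTERS).items():
        print(f"{name}: {level}")
```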