# Lake Formation Quicksight Group permissions
This tool grant permissions to the quicksight groups to access Shared Data Lake resources as follows
- Student Engagement
- CRM
- Blackboard

### Common Variables
This cell defines the QuickSight group to provide permissions

In [None]:
# Quicksight_group_name = "Student-Systems-Author"
Quicksight_group_name = "Product-Devs-Author"

### Common Functions
Make sure to run this cell to initialize the functions

In [None]:
import boto3


def dest_grant_permissions_to_quicksight_group_on_database_table(
    dest_database_name, dest_table_name, dest_quicksight_group_arn, dest_lakeformation
):
    """Function to grant access permissions to quicksight group on databases and tables in destination account"""

    print(f"Granting access permissions to quicksight group on {dest_database_name} and {dest_table_name}")
    dest_lakeformation.grant_permissions(
        Principal={"DataLakePrincipalIdentifier": dest_quicksight_group_arn},
        Resource={"Database": {"Name": dest_database_name}},
        Permissions=["DESCRIBE"],
        PermissionsWithGrantOption=[],
    )

    dest_lakeformation.grant_permissions(
        Principal={"DataLakePrincipalIdentifier": dest_quicksight_group_arn},
        Resource={"Table": {"DatabaseName": dest_database_name, "Name": dest_table_name}},
        Permissions=["DESCRIBE"],
        PermissionsWithGrantOption=[],
    )

def dest_grant_permissions_to_quicksight_group_On_shared_table(
    source_account_id, dest_quicksight_group_arn, source_database_name, source_table_name, dest_lakeformation
):
    """Function to grant access permissions to quicksight role on shared table from source account"""

    print(f"Granting access permissions to quicksight role on shared table {source_table_name}")
    return dest_lakeformation.grant_permissions(
        Principal={"DataLakePrincipalIdentifier": dest_quicksight_group_arn},
        Resource={
            "Table": {"CatalogId": source_account_id, "DatabaseName": source_database_name, "Name": source_table_name}
        },
        Permissions=["DESCRIBE", "SELECT"],
        PermissionsWithGrantOption=[],
    )


## Student Engagement

### Student Engagement Prod

In [None]:
source_account_id = "614744184116"
source_database_name = "student_engagement_db"
source_table_name = "student_engagement_risk_levels"

dest_profile_name= "analytics-prod"

dest_database_name = "student_engagement_db"
dest_table_name = "student_engagement_risk_levels"
dest_quicksight_group_arn = "arn:aws:quicksight:ap-southeast-2:271821871271:group/default/" + Quicksight_group_name

dest_session = boto3.Session(profile_name=dest_profile_name, region_name="ap-southeast-2")
dest_lakeformation = dest_session.client("lakeformation")


# Grant access permissions to quicksight group on database and tables in destination account
dest_grant_permissions_to_quicksight_group_on_database_table(
        dest_database_name, dest_table_name, dest_quicksight_group_arn, dest_lakeformation
    )

# Grant access permissions to quicksight group on source account shared table
dest_grant_permissions_to_quicksight_group_On_shared_table(
        source_account_id, dest_quicksight_group_arn, source_database_name, source_table_name, dest_lakeformation
    )

### Student Engagement Dev

In [None]:
source_account_id = "433802108761"
source_database_name = "student_engagement_db"
source_table_name = "student_engagement_risk_levels"

dest_profile_name= "analytics-dev"
dest_database_name = "student_engagement_db"
dest_table_name = "student_engagement_risk_levels"
dest_quicksight_group_arn = "arn:aws:quicksight:ap-southeast-2:892988355045:group/default/" + Quicksight_group_name

dest_session = boto3.Session(profile_name=dest_profile_name, region_name="ap-southeast-2")
dest_lakeformation = dest_session.client("lakeformation")


# Grant access permissions to quicksight group on database and tables in destination account
dest_grant_permissions_to_quicksight_group_on_database_table(
        dest_database_name, dest_table_name, dest_quicksight_group_arn, dest_lakeformation
    )

# Grant access permissions to quicksight group on source account shared table
dest_grant_permissions_to_quicksight_group_On_shared_table(
        source_account_id, dest_quicksight_group_arn, source_database_name, source_table_name, dest_lakeformation
    )

## CRM

### CRM Prod

In [None]:
source_account_id = "614744184116"
source_database_name = "dp_main_crm_student_contact_db"
source_table_name = "crm_student_contact_crm_student_contact"

dest_profile_name= "analytics-prod"

dest_database_name = "dp_main_crm_student_contact_db"
dest_table_name = "student_interactions"
dest_quicksight_group_arn = "arn:aws:quicksight:ap-southeast-2:271821871271:group/default/" + Quicksight_group_name

dest_session = boto3.Session(profile_name=dest_profile_name, region_name="ap-southeast-2")
dest_lakeformation = dest_session.client("lakeformation")


# Grant access permissions to quicksight group on database and tables in destination account
dest_grant_permissions_to_quicksight_group_on_database_table(
        dest_database_name, dest_table_name, dest_quicksight_group_arn, dest_lakeformation
    )

# Grant access permissions to quicksight group on source account shared table
dest_grant_permissions_to_quicksight_group_On_shared_table(
        source_account_id, dest_quicksight_group_arn, source_database_name, source_table_name, dest_lakeformation
    )

### CRM Dev

In [None]:
source_account_id = "433802108761"
source_database_name = "dp_main_crm_student_contact_db"
source_table_name = "crm_student_contact_crm_student_contact"

dest_profile_name= "analytics-dev"

dest_database_name = "dp_main_crm_student_contact_db"
dest_table_name = "student_interactions"
dest_quicksight_group_arn = "arn:aws:quicksight:ap-southeast-2:892988355045:group/default/" + Quicksight_group_name

dest_session = boto3.Session(profile_name=dest_profile_name, region_name="ap-southeast-2")
dest_lakeformation = dest_session.client("lakeformation")


# Grant access permissions to quicksight group on database and tables in destination account
dest_grant_permissions_to_quicksight_group_on_database_table(
        dest_database_name, dest_table_name, dest_quicksight_group_arn, dest_lakeformation
    )

# Grant access permissions to quicksight group on source account shared table
dest_grant_permissions_to_quicksight_group_On_shared_table(
        source_account_id, dest_quicksight_group_arn, source_database_name, source_table_name, dest_lakeformation
    )

## Blackboard

### Blackboard Prod

In [None]:
source_account_id = "614744184116"
source_database_name = "dp_main_blackboard_learn_db"
source_table_name = "blackboard_learn_blackboard_learn"

dest_profile_name= "analytics-prod"
dest_database_name = "dp_main_blackboard_learn_db"
dest_table_name = "blackboard_learn_sessions"
dest_quicksight_group_arn = "arn:aws:quicksight:ap-southeast-2:271821871271:group/default/" + Quicksight_group_name

dest_session = boto3.Session(profile_name=dest_profile_name, region_name="ap-southeast-2")
dest_lakeformation = dest_session.client("lakeformation")


# Grant access permissions to quicksight group on database and tables in destination account
dest_grant_permissions_to_quicksight_group_on_database_table(
        dest_database_name, dest_table_name, dest_quicksight_group_arn, dest_lakeformation
    )

# Grant access permissions to quicksight group on source account shared table
dest_grant_permissions_to_quicksight_group_On_shared_table(
        source_account_id, dest_quicksight_group_arn, source_database_name, source_table_name, dest_lakeformation
    )

### Blackboard Dev

In [None]:
source_account_id = "433802108761"
source_database_name = "dp_main_blackboard_learn_db"
source_table_name = "blackboard_learn_blackboard_learn"

dest_profile_name= "analytics-dev"
dest_database_name = "dp_main_blackboard_learn_db"
dest_table_name = "blackboard_learn_sessions"
dest_quicksight_group_arn = "arn:aws:quicksight:ap-southeast-2:892988355045:group/default/" + Quicksight_group_name

dest_session = boto3.Session(profile_name=dest_profile_name, region_name="ap-southeast-2")
dest_lakeformation = dest_session.client("lakeformation")


# Grant access permissions to quicksight group on database and tables in destination account
dest_grant_permissions_to_quicksight_group_on_database_table(
        dest_database_name, dest_table_name, dest_quicksight_group_arn, dest_lakeformation
    )

# Grant access permissions to quicksight group on source account shared table
dest_grant_permissions_to_quicksight_group_On_shared_table(
        source_account_id, dest_quicksight_group_arn, source_database_name, source_table_name, dest_lakeformation
    )