Error Message –
User: arn:aws:iam::xxxx:user/admin is not authorized to perform: lakeformation:PutDataLakeSettings with an explicit deny
Issue – This issue will occur when you will try add new user as Lake formation admin with IAM user which already added as admin to Lake formation
Denying this permission prevents a data lake administrator from designating other principals as data lake administrators, leaving this permission only with IAM administrative users. It also prevents the data lake administrator changing the settings on the Settings page of the Lake Formation console. These settings determine the default permissions for newly created databases and tables.
- Ensure you are not trying to add user in Lake formation admin group with IAM user already exists as Lake formation Admin.
- If yes, Use different IAM admin user to login into console and add user in Admins and database creators group