Athena GetWorkGroup permission error when the user accesses the console

Problem description

Thank you for taking the time to help me with the following problem.

I created a least-privilege access policy so that a user can only run queries in the Athena workgroup named finance-analyst-dev, based on the following code:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "S3Permissions",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::datalake-finance-0123456789123-analytics-dev",
        "arn:aws:s3:::datalake-finance-0123456789123-analytics-dev/*"
      ]
    },
    {
      "Sid": "AthenaPermissions",
      "Effect": "Allow",
      "Action": [
        "athena:StartQueryExecution",
        "athena:GetQueryExecution",
        "athena:GetQueryResults",
        "athena:ListQueryExecutions",
        "athena:GetWorkGroup",
        "athena:CreateNamedQuery",
        "athena:DeleteNamedQuery",
        "athena:GetNamedQuery",
        "athena:ListNamedQueries",
        "athena:BatchGetNamedQuery",
        "athena:BatchGetQueryExecution",
        "athena:UpdateNamedQuery",
        "athena:ListWorkGroups"
      ],
      "Resource": [
        "arn:aws:athena:us-east-1:0123456789123:workgroup/finance-analyst-dev"
      ]
    },
    {
      "Sid": "GluePermissions",
      "Effect": "Allow",
      "Action": [
        "glue:GetDatabases",
        "glue:GetTables",
        "glue:GetTable",
        "glue:GetPartitions"
      ],
      "Resource": [
        "arn:aws:glue:us-east-1:0123456789123:catalog",
        "arn:aws:glue:us-east-1:0123456789123:database/finance-analytics-dev",
        "arn:aws:glue:us-east-1:0123456789123:table/finance-analytics-dev/*"
      ]
    }
  ]
}

However, when accessing the console, the user keeps being told that they are not authorized to perform the athena:GetWorkGroup action on the resource.

Please note that I do not want this user to have access to the primary workgroup.

Thanks again

All other permissions in this policy work correctly.

amazon-iam amazon-athena aws-iam-policy
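Added example (not from the question or from AWS): a small offline evaluator, following IAM's Allow/Deny precedence and wildcard matching, that checks which workgroup ARNs the question's AthenaPermissions statement grants athena:GetWorkGroup on. It shows the policy allows the call only for workgroup/finance-analyst-dev and implicitly denies it for any other workgroup ARN, such as the account's default primary workgroup, which is what the Athena console has selected until the user switches workgroups. Conditions, NotAction and NotResource are assumed absent and are not modelled.

```python
import fnmatch
import json

# Constructed copy of the question's Athena statement (the S3 and Glue
# statements are omitted because they do not affect GetWorkGroup).
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AthenaPermissions",
    "Effect": "Allow",
    "Action": ["athena:StartQueryExecution", "athena:GetWorkGroup", "athena:ListWorkGroups"],
    "Resource": ["arn:aws:athena:us-east-1:0123456789123:workgroup/finance-analyst-dev"]
  }]
}""")

WORKGROUP_ARN = "arn:aws:athena:us-east-1:0123456789123:workgroup/"


def _matches(patterns, value, casefold=False):
    """IAM-style glob match ('*' and '?'); action names are case-insensitive."""
    if isinstance(patterns, str):
        patterns = [patterns]
    if casefold:
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def evaluate(policy, action, resource):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' using IAM precedence:
    an explicit Deny always wins, an Allow needs a matching Action AND Resource,
    and anything not matched by any statement is implicitly denied."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not _matches(stmt.get("Action", []), action, casefold=True):
            continue
        if not _matches(stmt.get("Resource", []), resource):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


def get_workgroup_decisions(policy=POLICY, names=("finance-analyst-dev", "primary")):
    """Which workgroups a session under this policy may describe via athena:GetWorkGroup."""
    return {n: evaluate(policy, "athena:GetWorkGroup", WORKGROUP_ARN + n) for n in names}


if __name__ == "__main__":
    for name, result in get_workgroup_decisions().items():
        print(f"workgroup/{name}: {result}")
```

The same check can be run against the real policy document with IAM's SimulateCustomPolicy API; this offline version is enough to see that an unlisted workgroup ARN falls through to an implicit deny.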