diff --git a/backend/dataall/cdkproxy/stacks/pivot_role.py b/backend/dataall/cdkproxy/stacks/pivot_role.py
index 22fa577b1..c0b157f4a 100644
--- a/backend/dataall/cdkproxy/stacks/pivot_role.py
+++ b/backend/dataall/cdkproxy/stacks/pivot_role.py
@@ -171,7 +171,7 @@ def _create_dataall_policy0(self, env_resource_prefix: str) -> iam.ManagedPolicy
 ],
 resources=[f'arn:aws:s3:*:{self.account}:accesspoint/*'],
 ),
- # Glue - needed to handle databases and tables
+ # Glue - needed to handle databases and tables and cross-account shares
 iam.PolicyStatement(
 sid='GlueCatalog',
 effect=iam.Effect.ALLOW,
@@ -193,6 +193,8 @@ def _create_dataall_policy0(self, env_resource_prefix: str) -> iam.ManagedPolicy
 'glue:UpdatePartition',
 'glue:UpdateTable',
 'glue:TagResource',
+ 'glue:DeleteResourcePolicy',
+ 'glue:PutResourcePolicy',
 ],
 resources=['*'],
 ),
diff --git a/deploy/pivot_role/pivotRole.yaml b/deploy/pivot_role/pivotRole.yaml
index c30b32375..3a4ce3243 100644
--- a/deploy/pivot_role/pivotRole.yaml
+++ b/deploy/pivot_role/pivotRole.yaml
@@ -140,6 +140,8 @@ Resources:
 - 'glue:UpdatePartition'
 - 'glue:UpdateTable'
 - 'glue:TagResource'
+ - 'glue:DeleteResourcePolicy'
+ - 'glue:PutResourcePolicy'
 Effect: Allow
 Resource: '*'
 - Sid: GlueETL
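Review bot: The two actions added to the `GlueCatalog` statement are permissions-management actions, and they inherit `resources=['*']`; the same applies to the matching hunk in `deploy/pivot_role/pivotRole.yaml`. `glue:PutResourcePolicy` replaces the account's Data Catalog resource policy and `glue:DeleteResourcePolicy` removes it, so a bug in the sharing code or misuse of the pivot role could widen or drop cross-account access to the whole catalog, including grants that data.all did not create. I would move them into their own statement with a distinct sid, scoped to the catalog ARN (this assumes Glue accepts the catalog ARN for these actions; verify against the service authorization reference), and alert on CloudTrail events for both calls made by the pivot role. The statement's action list and the enclosing `_create_dataall_policy0` start outside the hunk, so whether `glue:GetResourcePolicy` is already granted for a read-merge-write of the policy is not visible here.

```python
# … unchanged: GlueCatalog statement, without the two resource-policy actions …
# Glue catalog resource policy - needed for cross-account shares
iam.PolicyStatement(
    sid='GlueCatalogResourcePolicy',
    effect=iam.Effect.ALLOW,
    actions=[
        'glue:DeleteResourcePolicy',
        'glue:PutResourcePolicy',
    ],
    resources=[f'arn:aws:glue:*:{self.account}:catalog'],
),
```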