I'm using AWS Lake Formation to manage the permissions needed to use Athena.
For one of the users I revoked all his permissions, so now he can't see the databases or tables in the Athena catalog, but when he runs any request directly from the editor, it still works.
He's not a data lake formation administrator, and he has full access to Athena.
I think it's because the Athena service has permissions via a service-linked role (created by Lake Formation): https://docs.aws.amazon.com/lake-formation/latest/dg/service-linked-roles.html
Since the user has access to Athena, his requests are being executed by the Athena service (which still has access).