Is it okay to use the QuickSight user type for embedded dashboards that does not set a password in the browser (“QUICKSIGHT”)?
I want to embed a QuickSight dashboard in a web application on AWS.
I want to be able to display only the user’s own data on the dashboard when the web application user signs in.
Therefore, I came up with the following method.
・Register a QUICKSIGHT user (email) with the same name as the application user name
・When the user signs in to the web application, specify the UserARN of the QUICKSIGHT user registered with “GenerateEmbedUrlForRegisteredUser” and embed the dashboard URL in the application
・Data control is performed by applying row-level security (RLS) to the data set.
In the hands-on session, the method of passing the SessionName in the IAM role was introduced for the QUICKSIGHT user to be registered, but
I thought that the method above would also be fine and could be implemented more easily. Is this idea wrong?
I also thought that it would be simpler to use anonymous users, but we are currently proceeding with registered users.
Not sure , what session you are referring to , if it’s out embedding demo , it’s just show that user is created using an empty IAM Role without any specific permissions assigned.
Is it okay to use the QuickSight user type for embedded dashboards that does not set a password in the browser (“QUICKSIGHT”)?
Yes you can use QuickSight managed users for embedding. The user anyways does not access a QuickSight dashboard from the console, but only through the embedded application.
In our company we use this method but we’ve implemented a slightly different approach. We create a column in our database specifically to store the UserARN of the Quicksight registered user. This allows us to manage user permissions and access more effectively, ensuring that each user has the appropriate visibility into the data relevant to them.