Authorisation at row level

Hello,

I have a use case and would like to get the community's opinion on how to achieve it.

Here’s a brief of the setup:

  1. My data is in S3 and I query it using Athena.
  2. In QuickSight I’m using federated users.

What I want to achieve is to allow different users to access different parts of the data based on values in a column in the parquet file (in the example below this column is category).

For example, let’s say I have three categories in the parquet file in S3 named CAT_A, CAT_B, CAT_C and 2 users, USER_A and USER_B. I may initially only want USER_A to see data related to CAT_A, while USER_B can see metrics for CAT_A and CAT_C.
This rule is very dynamic and can change tomorrow; for example, USER_A could later on get access to CAT_A, CAT_B and CAT_C.

How can I achieve this? Also if possible would appreciate any doc/blog that’s relevant to the use case ^^

Thank you!!

Hi @sanskari_lad - Welcome to the AWS QuickSight community and thanks for posting the question. I think you can implement RLS (Row Level Security) for this requirement. Please find the required document for the same.

Regards - Sanjeeb
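An added example, not part of the original thread: one way to generate the rules dataset for the scenario in the question and to guard against the RLS default that a blank rule value means "no filter" (the user sees every row), while a user with no rule sees nothing. USER_A and USER_B are the question's placeholder names (real federated user names will look different), and `visible_rows` is a simplified model of the documented filtering, not QuickSight code.

```python
import csv
import io

# Values of the `category` column, taken from the question.
KNOWN_CATEGORIES = {"CAT_A", "CAT_B", "CAT_C"}

def build_rls_rules(grants):
    """Return CSV text for a rules dataset with columns UserName,category."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["UserName", "category"])
    for user, cats in sorted(grants.items()):
        cats = set(cats)
        if not cats:
            # A blank cell is not "deny": it removes the filter entirely.
            raise ValueError(f"{user}: empty grant would expose all rows")
        unknown = cats - KNOWN_CATEGORIES
        if unknown:
            raise ValueError(f"{user}: unknown categories {sorted(unknown)}")
        # Multiple values go in one comma-separated (quoted) cell.
        writer.writerow([user, ",".join(sorted(cats))])
    return out.getvalue()

def visible_rows(rules_csv, user, rows):
    """Simplified model (assumption) of how the rules filter a dataset."""
    reader = csv.DictReader(io.StringIO(rules_csv))
    rules = {r["UserName"]: r["category"] for r in reader}
    if user not in rules:
        return []                  # no rule for this user: no data
    if rules[user] == "":
        return list(rows)          # blank value: unrestricted
    allowed = set(rules[user].split(","))
    return [r for r in rows if r["category"] in allowed]

# Constructed sample data mirroring the question.
GRANTS = {"USER_A": {"CAT_A"}, "USER_B": {"CAT_A", "CAT_C"}}
ROWS = [
    {"category": "CAT_A", "metric": 10},
    {"category": "CAT_B", "metric": 20},
    {"category": "CAT_C", "metric": 30},
]

if __name__ == "__main__":
    rules = build_rls_rules(GRANTS)
    print(rules)
    for name in ("USER_A", "USER_B", "USER_C"):
        print(name, [r["category"] for r in visible_rows(rules, name, ROWS)])
```

Because the grants live in one mapping, a change such as giving USER_A all three categories is a one-line edit followed by regenerating and refreshing the rules dataset.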

Hi @Sanjeeb2022 ,

Tried it out, and it works as expected.

Thanks!!


Thanks @sanskari_lad. Please mark the required response as the solution so that it can help wider community members.

Regards - Sanjeeb
