Cannot publish Dataset which uses RLS

I have created a dataset with two tables with the following transformation:

  1. Change data type on the organisation_id column to be string (which will be used for RLS)
  2. Join both tables on a column
  3. Select required columns for the dataset
  4. Rename columns

The dataset saves fine until I associated it with and RLS (custom SQL) which looks like the following:

SELECT 'authors' AS GroupName, NULL as organisation_id

UNION ALL

SELECT 'readers' AS GroupName, NULL as organisation_id

The error I get during the Save and Publish operation is:

Cannot publish dataset

The columns listed below are used in the rules dataset but are missing from the output. This will affect downstream analysis.

  • groupname

To publish dataset, you need to restore the missing columns.

What am I missing? The Data source is from Redshift.

Regards,

Jeff

Hi @jeffery

Welcome to the Quick community!

The error message you are encountering indicates that the dataset used for Row Level Security (RLS) is missing the required groupname column in the final output. This column is essential for Quick to apply the RLS mappings and control data access correctly.

For implementing RLS in Quick, you should ensure the following:

  1. Create a permissions table in your Redshift database (ex: rd_user_group_rls) that maps users or groups to the data they are allowed to access. This table should include columns such as groupname and ord_id.
  2. Create a new dataset that connects to the permissions table.
  3. Apply Row Level Security by linking this permissions dataset to your target datasets. The RLS rules will use the groupname and org_id columns to filter data based on the user’s role or group membership.

For a detailed, step-by-step guide on implementing RLS, you can refer to this Quick Workshop Studio.

Thanks @Xclipse !

I do have an RLS dataset which is what I am using for user based RLS. I also have a tag based policy on the one column (organisation_id) in the dataset which I am applying the RLS against.

If I remove the user-based RLS, then I can save the dataset. But my analysis Visual doesn’t work as the tag-based policy is applied. The only way I can save/publish the dataset is to remove the user-based, save the dataset and re-apply the RLS user-based policy.

Hi @jeffery

As per Quick documentation, use tag-based Row Level Security (RLS) only when you are embedding dashboards and need to secure data for users who are not registered in Quick (unprovisioned or anonymous users).

User based RLS is recommended for scenarios where users are registered in Quick, and access is controlled based on user permissions defined in a dataset.

Tag based RLS works by passing tags with the embedded session to dynamically restrict data. This method is ideal for external or anonymous users accessing embedded dashboards.

Please refer to the below documentation this might be helpful for you.

1 Like

Hi @jeffery ,

Following up here as it’s been a while since last communication took place on this thread; did you have any additional questions regarding your initial post?

If we do not hear back within the next 3 business days, I’ll close out this topic.

Thank you

Hi @jeffery

QuickSight is sensitive to the column names used in the RLS dataset. In your screenshot the query shows GroupName and error message says groupname. You may need to check this out.

Regards,

Giri

1 Like

Hi @jeffery ,

Since I haven’t received any further updates from you, I’ll treat this inquiry as complete at this time. Please feel free to create a new post if you have more questions.

Thank you