Change the row level security error message

Currently we get the error message “can’t access the insight you don’t have access to dataset”.
Can we change it to something else?

Hi @sohail - Are you facing this issue after implementing RLS? Please give more details on this; if possible, share a screenshot (please ensure not to show any PCI and PII details).

Regards - Sanjeeb

1 Like


Hi @Sanjeeb2022, we need to render a QuickSight dashboard in our application with row level security enabled in the dataset. Our pipeline takes some time to create the user in QuickSight, and during that lag of 2-3 minutes the user gets this error message, as shown in the screenshot. We just need to modify it to show something more relevant. Let me know if it’s possible to do it and how?

Hi @sohail - OK, when RLS is implemented, during that time the user is facing this issue? Is that correct? I am doubtful whether you can have a workaround solution, as internally RLS will restrict the data and it may take time.

Having said that, can you please raise a ticket with the AWS Customer Support team to have a look at this?

Tagging @Jesse @Max and @David_Wong for their expert advice on this.

Regards - Sanjeeb

1 Like

My understanding is that your dashboard is embedded and when a new user is added in your application, there is a delay in adding them to QuickSight and/or a delay in updating your RLS rules to include them.

You can’t customize this message but you should be able to display your own message in your application. You can use the QuickSight API to check if the user is in QuickSight. If they’re not in QuickSight yet, don’t let them access the dashboard and display your message.

2 Likes
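An added example, not part of any post in this thread: a fail-closed gate that checks for the QuickSight user before requesting a registered-user embed URL, and returns the application's own message while provisioning is pending. `qs` is expected to be a boto3 QuickSight client; the `rls_ready` callback, `FakeQuickSight`, the account id, ARN and dashboard id are hypothetical or constructed so the block runs offline.

```python
PENDING_MESSAGE = "Your dashboard is still being set up. Please try again in a few minutes."

def error_code(exc):
    """Service error code from a botocore ClientError-style exception, else ''."""
    return getattr(exc, "response", {}).get("Error", {}).get("Code", "")

def embed_or_message(qs, account_id, namespace, user_name, dashboard_id, rls_ready=None):
    """Return ("embed", url) for a provisioned user, else ("message", text)."""
    try:
        user = qs.describe_user(
            AwsAccountId=account_id, Namespace=namespace, UserName=user_name
        )["User"]
    except Exception as exc:
        if error_code(exc) == "ResourceNotFoundException":
            return ("message", PENDING_MESSAGE)  # pipeline has not created the user yet
        raise  # throttling, access denied, etc.: surface the error, never embed
    # Hypothetical application hook: has the pipeline loaded this user's RLS rules?
    if rls_ready is not None and not rls_ready(user_name):
        return ("message", PENDING_MESSAGE)
    resp = qs.generate_embed_url_for_registered_user(
        AwsAccountId=account_id,
        UserArn=user["Arn"],
        SessionLifetimeInMinutes=15,
        ExperienceConfiguration={"Dashboard": {"InitialDashboardId": dashboard_id}},
    )
    return ("embed", resp["EmbedUrl"])

class FakeQuickSight:
    """Constructed stand-in for the boto3 client so the example runs offline."""
    def __init__(self, users):
        self.users = users  # user name -> ARN

    def describe_user(self, AwsAccountId, Namespace, UserName):
        if UserName not in self.users:
            err = Exception("user not found")
            err.response = {"Error": {"Code": "ResourceNotFoundException"}}
            raise err
        return {"User": {"Arn": self.users[UserName], "UserName": UserName}}

    def generate_embed_url_for_registered_user(self, **kwargs):
        return {"EmbedUrl": "https://example.invalid/embed?user=" + kwargs["UserArn"]}

if __name__ == "__main__":
    arn = "arn:aws:quicksight:us-east-1:111122223333:user/default/alice"  # constructed
    qs = FakeQuickSight({"alice": arn})  # real use: boto3.client("quicksight")
    for name in ("alice", "bob"):
        print(name, embed_or_message(qs, "111122223333", "default", name, "DASHBOARD_ID"))
```

Errors other than a missing user are re-raised so that a failed lookup never falls through to issuing an embed URL.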

@sohail agree with David’s suggestion above. Short answer is we cannot customize the message when there is no data available (in this case due to RLS). Along the lines of what David suggested, if you have a way to check in your pipeline if the provisioning of the user to the RLS rules has not occurred yet, you could set the value of a parameter you create in QS to a value like ‘show_message’ via the embedding SDK. Then we can use that parameter in your analysis/dashboard in combination with Conditional Rendering to show or hide a visual based on that parameter value. The visual you would create would be like a text box or insight that has your custom error message, and using the Free Form layout, you can place it directly on top of your other visual(s). So before your application loads the embedded dashboard, you would trigger your flow to validate if the user’s RLS is set up yet and then set the value of the parameter accordingly to show or hide this visual with the custom error message.

Another alternative is you can use tag-based RLS (available when using Anonymous Embedding which is available using Session Capacity Pricing). In that method of embedding, you can set the RLS rules at run-time of the dashboard, vs updating a dataset that has RLS rules to be applied in QuickSight. You are essentially moving the RLS rule logic to your application layer rather than managing it in a QuickSight dataset. This would give you more control over the latency between provisioning the user in your application and them seeing a filtered dashboard. All of the updates would happen in your app logic and nothing needs to be updated or managed in QuickSight. You would not have to manage any users in QS anymore.

1 Like

Please confirm if anything has changed here. Can we update the message now?