Embed to a platform with row level security


Background: A SaaS platform that is not using IAM for user management / login credentials

Need: To embed AWS QuickSight visuals/dashboards with RLS in that SaaS platform.

Question: What are the options to embed the visuals with RLS based on the user that is logged in to the platform? I understand that I need to manage the RLS through a dataset in QuickSight, but how do I connect the logged-in user in the platform to that dataset in order to have a functioning RLS?

Thank you in advance

Let me know if this helps.

At a high level you need to:

  1. Provision your users in QuickSight, e.g. when they’re added to your platform, use the QuickSight API to add them to QuickSight at the same time.
  2. Add a role in your AWS account with reader permissions and access to the dashboard.
  3. Use STS to assume the role on behalf of the user when they try to access the embedded dashboard on your platform.
  4. Use the QuickSight API to get the dashboard URL to embed.

When you add the user to QuickSight in step 1, you have to give them a UserName. It’s the same UserName that should be in your RLS dataset. That’s how you make the connection between the user who is logged in on your platform with the QuickSight reader.

This is the video that we found useful when we did our embedding a few years ago.

It’s an older video and back then he used GetDashboardEmbedUrl but you can use the newer GenerateEmbedUrlForRegisteredUser operation.

There are some newer videos about dashboard embedding on the QuickSight YouTube channel.

You can also take a look at this “User-based Embedding” workshop:

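The flow described in the answer above, sketched as a backend helper. This is an added example, not code from the thread or from AWS. It assumes users are registered with the QUICKSIGHT identity type and that the backend's own AWS credentials (for example an assumed role) may call RegisterUser, DescribeUser and GenerateEmbedUrlForRegisteredUser. `ACCOUNT_ID`, `NAMESPACE`, `DASHBOARD_ID`, the function names and the session keys are hypothetical.

```python
# Added example (not from the thread). All constants are placeholders.
ACCOUNT_ID = "111122223333"                 # placeholder AWS account id
NAMESPACE = "default"
DASHBOARD_ID = "DASHBOARD-ID-PLACEHOLDER"   # placeholder dashboard id


def ensure_reader(qs, user_name, email):
    """Register the platform user as a QuickSight reader and return the user ARN.

    user_name must match the UserName column of the RLS rules dataset exactly;
    that match is what ties the platform login to the row filter.
    """
    try:
        resp = qs.register_user(
            AwsAccountId=ACCOUNT_ID, Namespace=NAMESPACE,
            IdentityType="QUICKSIGHT", UserRole="READER",
            UserName=user_name, Email=email,
        )
    except qs.exceptions.ResourceExistsException:
        # Already provisioned (step 1 ran earlier): look the user up instead.
        resp = qs.describe_user(
            AwsAccountId=ACCOUNT_ID, Namespace=NAMESPACE, UserName=user_name,
        )
    return resp["User"]["Arn"]


def embed_url_for(qs, session, allowed_origin):
    """Return a short-lived embed URL for the user of the platform session."""
    # Identity comes from the server-side session, never from request
    # parameters, otherwise a caller could pick another user's RLS rows.
    user_name = session["user_id"]
    arn = ensure_reader(qs, user_name, session["email"])
    resp = qs.generate_embed_url_for_registered_user(
        AwsAccountId=ACCOUNT_ID,
        UserArn=arn,
        SessionLifetimeInMinutes=15,         # shortest lifetime the API accepts
        AllowedDomains=[allowed_origin],     # only this origin may frame it
        ExperienceConfiguration={"Dashboard": {"InitialDashboardId": DASHBOARD_ID}},
    )
    return resp["EmbedUrl"]


if __name__ == "__main__":
    import boto3  # requires AWS credentials permitted to call the operations
    client = boto3.client("quicksight")
    demo_session = {"user_id": "alice", "email": "alice@example.com"}  # constructed
    print(embed_url_for(client, demo_session, "https://app.example.com"))
```

The returned URL is single-use and should be generated per page load rather than cached or stored.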