I have many accounts in two different payer accounts. Some of the accounts have changed from one payer account to another. I want a group of users to be able to view a list of accounts under payer account A and all accounts under payer account B.
I’ve compiled a CSV with the mappings between the accounts and groups like this
| GroupName |
account_id |
payer_account_id |
| sales |
1 |
|
| marketing |
2 |
3 |
| marketing |
4 |
3 |
Is row level security boolean AND or OR?
ie. If a new account 5 is made under payer account 3 will it be included in the marketing group?
If you use user-based rules, I believe QS applies the AND condition to the columns and OR to the rows.
In your example, readers in the marketing group will be able to see all rows containing:
(account_id = 2 AND payer_account_id = 3)
OR (account_id = 4 AND payer_account_id = 3)
If you use tag-based rules, you can use either the AND or OR condition.
1 Like
I’ve updated my csv to be the following
| GroupName |
account_id |
payer_account_id |
| sales |
1 |
|
| marketing |
2 |
3 |
| marketing |
4 |
3 |
| marketing |
|
3 |
This means that any new account under payer account 3 should be in the marketing group. Is this correct?
I performed the change and it has removed all the data from when account 2 and 4 where in the previous account (lets call it payer account 6) 
The GroupName column in your csv file refers to the group that the user belongs to in QuickSight.
The group that the user belongs to determines which account_id and payer_account_id they will see in the dashboard. That’s how user-based rules work in QuickSight. Are your users in the sales and marketing groups?
1 Like
Yep I’ve got the row level security working for the existing groups working fine in the past
Sorry, it’s a bit hard to follow because of the terminology. My understanding is that account_id is like a user and payer_account_id is like a company. Is that correct?
If you don’t need to control access to data for individual users, you don’t need the account_id column in your rules.
If you create your rules as shown below, it means readers in the sales group will see all users in all companies. Readers in the marketing group will see all users in company 3. Any user that gets added to company 3 will be visible to the marketing group.
It has a one-to-many relationship in a similar way to users and companies.
I want the marketing group to see all data from company 3 in addition to data from users 2 and 4 who are in company 6.
I managed to get it working with this
| GroupName |
account_id |
payer_account_id |
| sales |
1 |
|
| marketing |
2 |
3 |
| marketing |
4 |
3 |
| marketing |
2 |
6 |
| marketing |
4 |
6 |
| marketing |
|
3 |
