Issue applying RLS in child dataset in new UI experience

Karthika_G1 · June 18, 2026, 6:15pm

Hi everyone,

I’m facing an issue with Row-Level Security (RLS) in QuickSight and would appreciate some guidance.

My Setup:

I have a parent dataset (DatasetA).

I create another dataset (DatasetB) from DatasetA.

In DatasetB, I perform transformations such as unpivoting and a few calculated fields.

DatasetB is the dataset used in my analysis/dashboard.

Requirement:

I want to apply tag-based RLS on DatasetB using a Country column.

Problem:

After applying tag-based RLS to DatasetB:

The visuals based on DatasetB in the embedded application, users see the message:

“You do not have permission to view this visual” (or a similar RLS-related error).

What I Tried

Applied the same RLS directly on DatasetA (parent dataset).

In this case, the embedded dashboard works as expected.

Considered creating DatasetB from an already RLS-enabled DatasetA.

However, QuickSight does not allow a child dataset in SPICE when the parent dataset has RLS applied.

If I switch to Direct Query, I lose access to transformations such as unpivot, which I need.

Question

Has anyone faced a similar issue with tag-based RLS on child datasets?

Is there a recommended approach to:

Use transformations like unpivot,

Keep DatasetB in SPICE,

And still have tag-based RLS work correctly in embedded dashboards?

Any suggestions or best practices would be greatly appreciated.

Xclipse · June 19, 2026, 11:27am

Hi @Karthika_G1

Thank you for the detailed explanation of your setup. Based on the behavior you’re describing, there are two key constraints to be aware of:

1. Child datasets from RLS-enabled parent datasets are limited to Direct Query mode

When a parent dataset has RLS rules active, QuickSight only allows child datasets to be created in Direct Query mode. SPICE is not supported for the child in this scenario.

Reference: Creating a dataset using an existing dataset in Amazon Quick - Amazon Quick

2. Tag-based RLS is supported only for anonymous embedding

Tag-based RLS works exclusively with the GenerateEmbedUrlForAnonymousUser API. It is not supported with GenerateEmbedURLForRegisteredUser or the older GetDashboardEmbedUrl API. If your embedded application uses registered-user embedding, tag-based RLS will not function as expected, which would explain the You do not have permission to view this visual error.

Reference: Using row-level security with tag-based rules to restrict access to a dataset when embedding dashboards for anonymous users - Amazon Quick

Topic		Replies	Views
Child dataset of RLS-enabled SPICE dataset fixed to Direct Query mode Q&A quick-sight , dataset , Business-Intelligence-Engineer , qls-RlsCls	5	99	October 18, 2024
Amazon Quick Sight enables Row Level Security (RLS) on Dataset-as-a-source What's New row-level-security , dataset	0	673	October 28, 2022
Row_level_security failed Q&A developer , row-level-security , quick-sight	5	193	January 11, 2024
RLS Dataset– Few Users Unable to See Data/ Filters in the dashboard due to RLS dataset Q&A admin , row-level-security , direct-query , error , quick-sight	8	97	December 15, 2025
Row level security suddenly stopped working Q&A row-level-security , quick-sight	6	733	October 4, 2022

Issue applying RLS in child dataset in new UI experience

Related topics