Looking for some guidance on how I might implement column level or table level security based on user level using Quicksight/Q. So for example a CFO might be able to ask “show me employee salary information” but an analyst would not be able to.
Thanks.
Hello Vim,
Please follow the blog for reference here
RLS or CLS are applied to the dataset and for Q you need to create a topic on that dataset.
If i am not mistaken, Any security applied to the dataset. it applies to topic / paginated report etc as well. As a result, the output of Q&A using Q would be as per the RLS/CLS.
Hope this helps.
Cheers,
Deep
At QS you ca use RLS or CLS like @Deep said,
.
but, if possible, I recomend that you use separated tables/view… one for analyst dasboard with mascared data or without sensitive content and other for chief dashboard.
You can use workgroup security at athena or bucket police at S3
QuickSight Q now supports questions for access restricted datasets that use Row level Security (RLS) with user based rules. Readers can now ask questions about Topics that contain restricted access datasets and instantly receive accurate and pertinent answers based on access control rules defined by authors in RLS settings. Authors can create Q Topics to answer questions on RLS enabled datasets without making any additional changes to existing rules. QuickSight Q leverages existing user based rules defined in RLS settings and enforces these rules not only on answers to questions but also on auto complete suggestions provided at the time of question framing. Therefore, Q Topics created with RLS enabled datasets always surface data that users are granted permission for.
Authors with a subscription for Enterprise Edition can define user based access restrictions on datasets by following instructions here. These rules are enforced when readers access data either by Dashboards or Topics, making it easy for Authors to manage data access for readers in a single rules dataset. Existing datasets for which rules are already defined do not need any additional changes. Get Started with a Free Trial for Amazon QuickSight Q.
Source : Applying row-level and column-level security on Amazon QuickSight dashboards | AWS Big Data Blog
Also, please see this post : How to Apply Role-Based Row-Level Security (RLS) Differently Across Multiple Dashboards in QuickSight? - #2 by Xclipse
Did this solution work for you? I am marking this reply as, “Solution,” but let us know if this is not resolved. Thanks for posting your questions on the QuickSight Community!