Question about CLS and RLS

Could someone please clarify the following questions?

1.Does RLS support the NOT clause?

• For RLS, If you don’t add a rule for a user or group, that user or group can’t see any of the data. The filter values can be provided as a list of comma separated values. How can a use case be addressed where an identity has access to a particular value(like column1=1) and other identities will have access to all values other than the restricted one. For other identities, is it possible to specify a NOT clause[like WHERE (NOT ((column1 = 1)))], instead of providing every other value for column1 for other users and groups? What other way can be used to solve this problem?

2 RLS for numeric and date fields

• Row-level security works only for fields containing textual data (string, char, varchar, and so on). It doesn’t currently work for dates or numeric fields (from Using row-level security (RLS) with user-based rules to restrict access to a dataset - Amazon QuickSight). Is there a workaround for making this work with numeric and date fields?

3.CLS- number of principals for a restricted column

• In CLS, it looks like the maximum number of principals allowed for a restricted column is 100. Is there a way to increase this number?

Hello @sanjayd, welcome to the QuickSight Community! Since you asked three questions, I will answer them in the same order that you asked them.

1. Unfortunately, there is not currently a way to handle a not clause for RLS. This is a great suggestion though that could simplify the RLS dataset creation process, so I will make sure and tag this as a feature request for our QuickSight development team. For now, you will have to add all values the user/group will need access to.
2. For Numeric and Date fields, the best workaround I can think of at the moment would be creating a second value in the dataset you want to restrict that takes the numeric or date field and converts it to a string value. Then you should be able to restrict access based on that value in your RLS dataset.
3. As for the maximum number of allowed principles, if the documentation says 100 is the limit then there is not a way to increase that at the moment. I can add this as another feature request though so maybe it can be increased in the future.

Thank you for providing so much detail in your question, I hope this response helps you with the implementation of RLS on your QuickSight dataset.