We are using Amazon QuickSight in Enterprise edition. We have configured some datasets with Row-level security based in user-based rules and it works fine so far.
Now we are going to give it a try using the API GenerateEmbedUrlForRegisteredUser to see if we can get it to work to launch a QuickSight panel from an external system and if it can help us to match our business need.
However I am getting a little bit confused with the QuickSight Editions and the user limitations. Please let me explain.
My understanding is that we need to stay in the QuickSight Enterprise edition to be able to use RLS user-based rules (please correct me if I am wrong).
After reading AWS docs and also some posts in this forum I am not able to get clear if:
Can we use “Reader” users to use RLS user-based rules or do we need to use “Author” users?.
If we can use “Reader” users to get access to the panels having RLS user-based rules applied, is there any limitation in the number of sessions per month that each “Reader” user can access the panel?. (I have seen in some posts in this forum that there is a total limitation of 500 sessions per month for all Reader users in a QuickSight account, however dont know if that is official)
If such limitation is true, does this limitation also applies to Author users?.
I mean our idea is to use Reader users to get access to the panel, but if there is a limitation for the number or times per month they can access this panel dont know if that fits for our business scenario.
Please see my response , hope this helps clearing your doubt.
My understanding is that we need to stay in the QuickSight Enterprise edition to be able to use RLS user-based rules (please correct me if I am wrong).
After reading AWS docs and also some posts in this forum I am not able to get clear if:
Yes - RLS is available only for the Enterprise edition of QuickSight
Can we use “Reader” users to use RLS user-based rules or do we need to use “Author” users?.
– Well, Author defines RLS on the data set and any reader consuming dashboard based on the dataset, RLS is applied. Reader does not need to configure anything as such.
If we can use “Reader” users to get access to the panels having RLS user-based rules applied, is there any limitation in the number of sessions per month that each “Reader” user can access the panel?. (I have seen in some posts in this forum that there is a total limitation of 500 sessions per month for all Reader users in a QuickSight account, however dont know if that is official)
If such limitation is true, does this limitation also applies to Author users?.
Quicksight has 2 types of pricing - User -based pricing & Capacity based pricing
** if you have capacity based pricing, session comes into picture and pricing starts at 250$/ month where you get 500 sessions /m which is shared among all. If sessions get exhausted additional sessions are charged @ $0.50 per sessions. a session is a 30 minute period. See here for more info - Business Intelligence Service – Amazon QuickSight Capacity Pricing – AWS
Thanks a lot for the quick answer Deep. I understand that for every user of type “Reader” charges will be those 3$/month no matter the number of times they access the panel.
Just a question, to play with some users I have moved them from “Reader” to “Author”… but now I am not able to set them back as role “Reader”. Is there any reason?.
You cannot downgrade the Role from author to reader but upgrade from reader to higher.
in your case, you may need to delete the Author > transfer assets to another Author/Admin > Recreate the user as a Reader and share dashboards.