I am logging into AWS with a role that has access to many Athena tables via Lake Formations Tags, but when I try to create a Athena dataset there are no tables shown even though if I go to Athena I can see all of the tables. If I explicitly assign rights to the user it works but obviously this is cumbersome. Is there any way to make this work as it should, meaning Quicksight picks up the rights from the role logging in?
Hi @jswante,
thank you for posting an inquiry.
There is a blog described how to use Lake formation with AmazonQuickSight.
would you be able to elaborate what rights you assigned to the user when it worked?
kind regards,
Wakana
Hi, i looked at that link and this is how we had to do it, instead if quicksight using the rights of the user role you need to go into LF and assign the rights to the specific user or quicksight work group. This is very inconvenient since we have all out security accross the enterprise being control via roles and LF tags but now we need to configure each user manually or create a workgroup, assign the users to that group, and assign the roles to that separately from what web ave setup already in the sso roles. Seems this is just the ways it works right now its just not well intergrated into the LF security especially using tags.