Quicksight RLS and LakeFormation RLS

I have a general question on Row-level security in Quicksight. Assuming you are using LakeFormation, does LakeFormation RLS generally replace the need for Quicksight’s RLS?

@jochapjo LakeFormation RLS and QuickSight RLS are designed for different purpose.
LakeFormation RLS is targeted on data access of Author and Admin. For example, when you set an author only can view partial data in a table, the datasets this author created will only contain these partial data. The data ingestion will only ingest these partial data into QuickSight. So, if you open the data prep of a dataset, you only can view the rows defined as “allow” in the LF RLS.
QuickSight RLS is different. It is more for reader experience. All the data of that table actually are stored in the dataset, hosted in QuickSight service. If an author edit the dataset, in the preview section of data prep, this author can view the data no matter the RLS policy it is. But, in analysis/dashboard, the user only can view partial data defined in the RLS policy.

1 Like