I noticed quicksight RLS has a limitation that: “The full set of rule records that are applied per user must not exceed 999. This limitation applies to the total number of rules that are directly assigned to a username, plus any rules that are assigned to the user through group names.”
We have a dashboard for users to check territory assignments. so the RLS logic is username to territory mapping. A user can be assigned with maximum 7K territories .This exceeds the aforementioned limitation. Since we cannot rely on any other attribute besides territory IDs, we need to explore alternative approaches to address this situation. Would you please help?
Its hard to maintain individual user level assignment to 7k+ territories. I presume you may have a logical grouping for this mapping but don’t see a way in QuickSight.
A user in QuickSight could be assigned to multiple user groups. So, you could consider building User Groups that act as Data Access Roles and build your RLS table based on these groups.
Any updates on the question here? I am a AWS interal user, please let me know if anyone of you is avaliable for a quick meeting to help. Any insights will be much appreciated!
One of the options you have is to split your 7,000k territories to one user list into groups of say 500 territories and list that into your RLS dataset. So that should give you per user 14 rows in this dataset.
When there are more than one row per use the QuickSight RLS logic will be an OR so it should be able to cover your case. There is work to do compress your list and provide comma separated values in the Territory field.
Hi @Cindy,
Since we haven’t heard back, I’ll close out this topic. However, if you have any additional questions, feel free to create a new post in the community and link this discussion for relevant information if needed.