RLS security for Embedded Dashboards

Hi,

We are trying to implement Row Level Security for the datasets associated with our embedded dashboard using ‘User-based’ rules’. For that I created a sample file with ‘Username’ and ‘location_country’ as columns and with one row of data:

  1. username ='demo@x.com; and location_country =‘United States’

Then used this file as the RLS file for a custom dataset with two columns (application_id, location_country) - Created an analysis using this custom file - created a table with location_country as column. Also, location_country has country values like United States, China, India

When I applied the RLS security using this file to the custom dataset and logged in using ‘demo@x.com’ to view the analysis created, I expected to see only the rows associated with United States but I couldn’t see any data. (Refer screenshot)

So, my question is:

  1. Am I missing any particular step in here?
  2. Can user based rules be used for embedded dashboards?

Let me know if you need more information to debug this.

Thanks,
Screen Shot 2022-03-01 at 3.57.05 PM

Anita

Hi, Can you please confirm if user ‘demo@x.com’ was created within quicksight or is the user federated into quicksight?
Federated users will also have role name as a prefix for instance ‘Rolename/demo@x.com’ and you will have to use the entire string (Rolename/demo@x.com) as username for implementing RLS.
You can confirm this by going to Manage Quicksight Screen (If you have admin rights Manage Quicksight → Manage Users ) and look at the username for demo@x.com under Manage Users option.
Recommended way to implement RLS would be to use ‘user ARN’.

Regards,
Karthik

2 Likes