RLS security for Embedded Dashboards


We are trying to implement Row Level Security for the datasets associated with our embedded dashboard using ‘User-based’ rules’. For that I created a sample file with ‘Username’ and ‘location_country’ as columns and with one row of data:

  1. username ='demo@x.com; and location_country =‘United States’

Then used this file as the RLS file for a custom dataset with two columns (application_id, location_country) - Created an analysis using this custom file - created a table with location_country as column. Also, location_country has country values like United States, China, India

When I applied the RLS security using this file to the custom dataset and logged in using ‘demo@x.com’ to view the analysis created, I expected to see only the rows associated with United States but I couldn’t see any data. (Refer screenshot)

So, my question is:

  1. Am I missing any particular step in here?
  2. Can user based rules be used for embedded dashboards?

Let me know if you need more information to debug this.

Screen Shot 2022-03-01 at 3.57.05 PM


Hi, Can you please confirm if user ‘demo@x.com’ was created within quicksight or is the user federated into quicksight?
Federated users will also have role name as a prefix for instance ‘Rolename/demo@x.com’ and you will have to use the entire string (Rolename/demo@x.com) as username for implementing RLS.
You can confirm this by going to Manage Quicksight Screen (If you have admin rights Manage Quicksight → Manage Users ) and look at the username for demo@x.com under Manage Users option.
Recommended way to implement RLS would be to use ‘user ARN’.