Hi,
I’m applying row level security to a dataset in an analysis. The RLS dataset queries a Redshift table, my ARN is included to allow me to view all data.
For some reason I am blocked from seeing the data in the Quicksight UI as I get a message saying I don not have permissions to see it. However, when I change this dataset to a SPICE dataset I can see the filtered data.
How come this works with SPICE but not direct query?
Thanks
I have done some testing on this to explore further, it seems like the issue could be with having two sepparate namespaces in the RLS dataset. Just having my namespace (default) works again with direct query but when I have user/groupARNs from another namespace the RLS permissions don’t pick up my userr in the Quicksight analysis and I am blocked from seeing the data with the standard RLS restriction message, no mention of namespace.
Am I correct in thinking I should be able to have multiple namespaces in an RLS dataset?
If anyone has the same problem where they:
Have multiple namespaces querying an embedded dashboard
An RLS dataset using userArn and groupArn
Embedded access works but your default user is blocked from developing in the Quicksight UI
I found that querying Redshift tables for the namespace permissions then appending my own default userArn in the direct query was not working.
The solution was to have my userArn in a Redshift table which I could then query.
Storing the dataset in SPICE also works but not in my use case because of the truncation of long text fields.