Row level security suddenly stopped working

I have a postgres derived dataset and am using tags for RLS. Then using anonymous embedding in my application as set out in the AWS guides. All was well - RLS security working as expected.
Then all of a sudden it stopped working and my dashboards have an error stating contact quicksight admin. There is no further information. Disabling the RLS and data does flow back into the application - obviously unfiltered but demonstrates that the dataset etc is ok. This is only happening to a service in us-east-2.

Any ideas how i even start to debug this?


I am assuming the dashboards are not showing data when you are accessing from the QuickSight console while they are displaying when accessed from your application (anonymous embedding ) .

In the following blog : Embed multi-tenant dashboards in SaaS apps using Amazon QuickSight without provisioning or managing users | AWS Big Data Blog
Search for ( Enable authors to access data protected by tag keys when authoring analysis ) : Possibly you are missing this step.


So it turns out a null value was added into the dataset on the key we were using for RLS. I guess my question is: where can one find that in an error log?

can you provide more details on what you mean with a null value added into the dataset ?

So we had a table that had a column, my_id, which was populated with 1,2,3,4,5 and used this for RLS. Then the data changed to 1,2,4,5 and the the RLS errors.

In this scenario, if the value 3 was passed from the application , the dashboard should have shown no data since it is not available.

Hi @wrdeman, Please confirm if your RLS dataset is now working as expected again. .

Based on your explanation it looks like the cause of the issue was introduction of null value to the column that was identified for tag based RLS. In your example the Id column was initially populated with 1,2,3,4,5 and then it was updated to 1,2,null,4,5.

Do you still have issue with tag based RLS or can you please elaborate on the concern?