Row Level Security when QuickSigth Dashboard - Embedding in a Product

Hi, I have 2 Datasets
Master_data - Fact Table,
Planned_data - Dimension Table,
Both Datasets have a common column ‘Plant’ but joined based on another common column.

I have created a Dashboard which is embedded into a Product/App called “XXXX”, which is used by multiple people and they are assigned to a restricted Plant or Plants
let Assume
Person Plant
A PL01
B PL02
C PL03, PL04
D All

when they login to the Product/App and when they open this dashboard they want to see assigned Plant details only dynamically.

How it can be done? Pls help me out

1 Like

Hello @Venkat.Metadata, when viewing the dashboard do you want the user to only see the assigned plant or do you want it to filter to that plant by default but allow them to view others?

If you only want the assigned plant viewable, then you will want to implement RLS based on the userArn or groupArn to assign that plant value. This will be done with a dataset containing all of the users or groups that are accessing the dashboard and then it needs to be attached the dataset in QuickSight. Here is some documentation.

Alternatively, if you are wanting to just filter to the assigned Plant, but the user should still be able to select other Plants, then you will want to utilize Dynamic default values for the parameter controlled filter. This will also require a new dataset that you will include in the analysis. It will look pretty much the same as the RLS dataset, since it will need to contain all of the userArns or groupArns, but it will then be linked to the parameter within the analysis. Here is some documentation on setting parameters dynamically.

Let me know if that helps!

@DylanM Thanks, for your info.

I want to see the dashboard only assigned plant detailsby filtering the dataset or filter the dashboard to that plant details only. ( i am eager to learn 2nd method also ).

is it possible to create this RLS without having a RLS dataset implemented to the dataset(datasource)

Hello @Venkat.Metadata, technically if the product is embedded, you could pass the parameter value from the front-end to filter the dashboard based on the user that is logged in and not utilize RLS. If the data is sensitive though, I would highly recommend not doing that. The safest way to ensure that the user is only able to view the information they should have access to is by implementing Row Level Security. Bypassing the RLS dataset would be a risk.

@DylanM

I want use below kind of URL passes values of Plant in the Parameter using

https://quicksight.aws.amazon.com/sn/dashboards/dashboard-id#p.parameterName=value1&p.parameterName=value2

if my manager want to see the PL02, PL03, PL05, he can pass these values like below

https://quicksight.aws.amazon.com/sn/dashboards/dashboard-id#p.parameterNamePL02&p.parameterName=PL05&p.parameterName=PL03

then he will be able to see 3 plants data in the dashboard

Hello @Venkat.Metadata, if that is the case, then you can either try appending the logic within the URL when you pass the embedded dashboard url into the iframe container on the front end. You would either need to allow the user to select the options in the front end that you want passed or they would have to be determined based on the user that is viewing the dashboard.

Alternatively, you can utilize the embedding SDK to set parameter values when embedding a dashboard.

Here is the documentation for the embedding SDK

You can use this to set the parameter values when calling the embedded dashboard through the SDK:
setParameters: (parameters: Parameter[]) => Promise<SuccessResponseMessage | ErrorResponseMessage>;

That should provide the functionality you are looking for!