Trying to figure out how to set different levels of security as I go deeper in folder structure under shared folders.
Example of folder structure…
Shared folders
DEV
ProjectA
Internal Only - internal users only
Billing - internal users only who need billing access
Customer - internal users only who need customer access
ClientFacing - clients can see ONLY this folder under ProjectA
I’d like to be able to have certain users see ProjectA. Under ProjectA I need only people at our company to be able to see ‘Internal Only’. Then under ‘Internal Only’, I need only accounting people to see ‘Billing’ and only account managers to see ‘Customer’. ‘ClientFacing’ is where clients will run dashboards but client’s cannot have access to Internal Only.
It is important to note that Quicksight does not enforce permission inheritance from parent to child folders. Every folder has its own permission setting.
In order to fulfill the requirements of the sample scenario that you have described, you can make user groups for the different roles in your organization (eg. ‘InternalUsers’, ‘Accounting’, ‘AccountingManagers’, ‘Client’) and grant access for each specific folder to the appropriate group. Following the example case in your question:
Internal Only - ‘InternalUsers’: Grant Access
Billing - ‘Accounting’:Grant Access
Customer - ‘AccountingManagers’:Grant Access
Client Facing - ‘Client’:Grant Access
You can find documentation for AWS Quicksight Security here. Hope this helps!
That’s inherited from the “ProjectA” folder. My user who is only in the “Internal Only” group can still see the ‘Client Facing’ folder as well because of that inheritance from ‘ProjectA’.
In order for anyone to see this I have to share ‘ProjectA’ with everyone, but then folders below I want to remove this inheritance.
Does that make sense or am I doing something wrong.
I believe i have it figured out. You have to work completely from the bottom up and share in that direction. In our previous BI tool you worked from the top down.
