Shared folders with different levels of security for folders under shared folders and then a project folder

Trying to figure out how to set different levels of security as I go deeper in folder structure under shared folders.

Example of folder structure…

Shared folders
DEV
ProjectA
Internal Only - internal users only
Billing - internal users only who need billing access
Customer - internal users only who need customer access
ClientFacing - clients can see ONLY this folder under ProjectA

I’d like to be able to have certain users see ProjectA. Under ProjectA I need only people at our company to be able to see ‘Internal Only’. Then under ‘Internal Only’, I need only accounting people to see ‘Billing’ and only account managers to see ‘Customer’. ‘ClientFacing’ is where clients will run dashboards but client’s cannot have access to Internal Only.

2024-10-02 10_41_06-Shared folders with different levels of security for folders under shared folder

Hi @pbishop,

It is important to note that Quicksight does not enforce permission inheritance from parent to child folders. Every folder has its own permission setting.

In order to fulfill the requirements of the sample scenario that you have described, you can make user groups for the different roles in your organization (eg. ‘InternalUsers’, ‘Accounting’, ‘AccountingManagers’, ‘Client’) and grant access for each specific folder to the appropriate group. Following the example case in your question:

Internal Only - ‘InternalUsers’: Grant Access
Billing - ‘Accounting’:Grant Access
Customer - ‘AccountingManagers’:Grant Access
Client Facing - ‘Client’:Grant Access

You can find documentation for AWS Quicksight Security here. Hope this helps!

1 Like

I’ve done that, but it will always inherit everything from my ProjectA folder and makes it not work like it should.

For instance below I have my “Internal Only” folder and “Client Facing” under “ProjectA”. When I mange the “Client Facing” folder it shows this…

That’s inherited from the “ProjectA” folder. My user who is only in the “Internal Only” group can still see the ‘Client Facing’ folder as well because of that inheritance from ‘ProjectA’.

In order for anyone to see this I have to share ‘ProjectA’ with everyone, but then folders below I want to remove this inheritance.

Does that make sense or am I doing something wrong.

I believe i have it figured out. You have to work completely from the bottom up and share in that direction. In our previous BI tool you worked from the top down.