QuickSight Row-Level Security
Introduction
Amazon QuickSight Row-Level Security (RLS) is a powerful feature that enables you to control access to data at a granular level based on user attributes. This ensures that users only see data that they are authorized to view, enhancing data security and compliance.
Key Concepts
- **Row-Level Security (RLS)**: The ability to restrict data access at the row level based on user roles and attributes.
- **Data Sources**: The original sources of data (e.g., databases, S3) from which QuickSight pulls data.
- **User Attributes**: Information about users (e.g., roles, departments) that determine what data they can access.
- **Security Policies**: Rules defining access levels based on user attributes.
Implementation Steps
1. Prepare Your Data
Ensure your data includes a column that can be used to filter rows based on user attributes, such as Department or Region.
2. Define User Attributes
In QuickSight, you can define user attributes under the Manage QuickSight section. For example, you can define an attribute called Department for each user.
3. Create Security Policies
Create a security policy by following these steps:
- Open your QuickSight dashboard.
- Navigate to the Datasets section.
- Select the dataset for which you want to apply RLS.
- Click on Row-Level Security.
- Define rules based on user attributes and corresponding data column values.
4. Test Your Security Policy
After defining the security policies, use the Test as User feature to ensure that the policies are applied correctly and users can only see the intended data.
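As an added illustration of steps 3 and 4 (not QuickSight code and not part of the original page), the following Python models rule evaluation locally so a rules table can be checked before it is attached to a dataset. The user names, sample rows and rules layout are constructed, and the semantics are assumptions: a blank cell means no filter on that column, a user with no rule sees no rows, and matching is exact and case-sensitive.

```python
import csv
import io

# Constructed sample data; Department and Region are the filter columns from step 1.
ROWS = [
    {"OrderId": "1", "Department": "Sales", "Region": "EMEA"},
    {"OrderId": "2", "Department": "Sales", "Region": "APAC"},
    {"OrderId": "3", "Department": "Finance", "Region": "EMEA"},
]

# Constructed rules table (hypothetical users). Assumed semantics: a blank cell
# means "no filter on this column"; a user with no rule row sees nothing.
RULES_CSV = """UserName,Department,Region
alice,Sales,EMEA
bob,"Sales,Finance",
carol,,
dave,sales,EMEA
"""

def load_rules(text):
    """Return {user: [ {column: set_of_allowed_values or None} ]}."""
    rules = {}
    for rec in csv.DictReader(io.StringIO(text)):
        user = rec.pop("UserName").strip()
        cond = {col: ({v.strip() for v in val.split(",")} if (val or "").strip() else None)
                for col, val in rec.items()}
        rules.setdefault(user, []).append(cond)
    return rules

def visible_rows(user, rules, rows):
    """Rows that pass at least one of the user's rules (default deny)."""
    return [row for row in rows
            if any(all(allowed is None or row[col] in allowed
                       for col, allowed in cond.items())
                   for cond in rules.get(user, []))]

def audit(rules, rows):
    """Flag rules that grant the whole dataset or name values absent from the data."""
    findings = []
    for user, conds in sorted(rules.items()):
        for cond in conds:
            if all(allowed is None for allowed in cond.values()):
                findings.append((user, "unrestricted: every filter column is blank"))
            for col, allowed in cond.items():
                unknown = sorted((allowed or set()) - {r[col] for r in rows})
                if unknown:
                    findings.append((user, f"{col} value(s) {unknown} match no row"))
    return findings

RULES = load_rules(RULES_CSV)
```

Running `audit(RULES, ROWS)` on the sample flags the fully blank rule for `carol` and the miscased `sales` value for `dave`, the two mistakes most likely to show a user too much or nothing at all.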
Best Practices
- Always use unique identifiers for user attributes to prevent data leaks.
- Regularly review and update security policies as user roles or organizational structures change.
- Utilize the Test as User feature frequently during development.
- Document your security policies and their logic for future reference.
FAQ
What is Row-Level Security?
Row-Level Security is a feature in QuickSight that restricts data access at the row level based on user attributes.
How do I define user attributes?
User attributes can be defined in the Manage QuickSight section, where you can assign specific attributes to each user.
Can I apply multiple security policies?
Yes, you can create multiple security policies for a dataset based on different user attributes.