0

I would like to share an embeded quicksight dashboard with multiple clients.

I have set a big dashboard for the company to access the whole data. The problem now is i would like to share it for each clients with their own data only.

I know i can filter rows with solutions like RLS based on a field containing the database name. But i don't know what would be the best way to perform it ? (RLS is only an option here)

The second part of the problem. i will have new client data included but what about sharing for new clients? I need an automatic solution.

Regards.

Jonito
  • 407
  • 7
  • 18

1 Answers1

1

You can use row level security to allow access only to a subset of the data to either users or groups. To do this, create a permissions dataset that says who (user or group) can access which rows, then attach the permissions dataset via the Row-level security button.

For my use case, I create a Quicksight group for each customer account (with boto3 create_group), then add individual users to groups (with boto3 create_group_membership). The group Name is the account id, since it won't change; the Description is the account name.

The permissions dataset specifies that members of a group can see the matching account. These values will be the same, since the group name is the account id. For example, this CSV says members of group abc123 can see only rows where the account_id field is abc123:

account_id,GroupName
abc123,abc123

To add an account to Quicksight:

  • create a Quicksight group for the account via create_group
  • (re-)create the permissions dataset from the list of accounts in the database
  • upload the permissions dataset to S3
  • reingest the permissions dataset with create_ingestion

To allow a user to access Quicksight data:

See also Amazon's row level security docs.

kielni
  • 4,779
  • 24
  • 21