How can I create groups in Amazon Quicksight to create a dashboard with row level security? In this guide https://docs.aws.amazon.com/quicksight/latest/user/managing-users-enterprise.html it says that you can go to Manage QuickSight > Manage Users > Manage Groups. However there is no Manage Group option for me, even though I already have an enterprise account.
Where can I go to create the groups with the users and then use a [groupname, column] table to filter a dataset?
Despite what it says in the docs, I also cannot find the Manage Groups button. However there is an alternative using CLI according to the documentation:
https://docs.aws.amazon.com/quicksight/latest/user/managing-users.html#creating-quicksight-groups
Says there:
You can create user groups inside Amazon QuickSight so you don't have
to manage users individually. For example, you can create groups for
specific dashboards so you can manage security.
Before you begin, you need to have the AWS CLI installed. For more
information, see Installing the AWS CLI in the AWS CLI User Guide
There is no mention of creating group through Quicksight console there.
You can create a csv file and upload it to quicksight as a dataset.
Then apply row level security on that dataset, using the csv file with the rules.
Username as first column = the Quicksight account such as email
group as second column = A column that will match row by row your dataset filtering out rows that the rules do not apply.
For example your dataset will also have a column name group with values like A,B,C,D in the rows. Then in your rules csv, you place per user which rows he can see. A for just 1 group or A,C,E,F for multiple
Related
I have created a custom entity in common data services(CDS) that streams in data from a survey.
I'll however need to give access to the data to various people. In my dataset, I have a column called community, which should represent which people have access to what data based on the community they've entered the column.
How exactly can I filter the data, after it has streamed in to ensure I only give access to people of a particular community. And yes every community is exclusive, no two people can be in two different communities.
I want to filter by the community, such that those in community A see only A and not B or C.
There’s no straight one step OOB configuration to achieve this. Because the row level security depends on the column value ie. community field value of each record.
One way is to create owner teams and add the users to right teams, then the custom entity record has to be owned by respective team - owner team of each custom entity record can be filled/assigned automatically based on the community field value on create using plugin/workflow/Flow.
Most important, in security role for that custom entity - read privilege has to be given only for user level. Assign the security role to Teams.
I am using quicksight and am having many dashboards but I want to restrict the access to the data in the dashboards based on the group(role) to which the user is assigned So what I am asking is should I for each group create the dashboards that he could access or can I apply some filtering based on the user group when he accesses the dashboard
I have a multi-user website and each user has own data which I can store on s3.
I want to integrate(embed) QuickSight to my website, in that way so each user able to see own data.
I want to have one analysis to be able to modify if for all users.
Are there some recommendations on how to achieve this?
Firstly, you will need to add the user's identifier (email, name, generated ID, whatever) to each row that belongs to them in the S3 data. I'm kind of assuming that you are storing the data in a tabular format (e.g. CSV) but let me know if I'm wrong. So let's assume you added this user identifier as a new column called userId.
Secondly, you will need to generate a manifest file that points to all of your users' S3 files.
Then, create a new data set, pointing to that manifest.
Then, you will need to create another new data set that ties a QuickSight UserName to the new userId column you have added. You will need to maintain this data set somehow, but fortunately the QuickSight UserName has a pattern to it (something like embed_role\user_name).
An example of this new data set might look like
UserName,userId
your_embed_role\user3479125,user3479125
Once you have this data set you can attach it to the S3 data set created earlier as row-level-security (RLS). You can think of QuickSight as performing an inner join on userId between the RLS data set and the actual visual data set, thus limiting the data to the given UserName.
I am working in oracle hcm fusion application. Writing a extract rule for a batch loader fast formula. in one of the extract rule formula i am using a DBI PER_HIST_ASG_ASSIGNMENT_NUMBER but it returning 0, that is no values in DBI. The problem is the DBI internally refer a secured view PER_ASSIGNMENT_SECURED_LIST_V. If I query this table from BI publisher I am not getting any rows. Some one suggest that Data role is missing. Can anyone tell me what is the exact datarole that I should add to acces the values from that DBI.
This View is based on security profile added in the Employment like BU,Department,Location etc.
So you try to retrieve the records from a Super User or Implementation user which is not attached any security profile, You will get the results.
Data roles are configured differently for each organization that is using the Cloud.
So you have to check with your application security consultant for the exact data role you need for this table.
I need to filter a dashboard basing on the user.
for example:
if user1 my-attribute = 1
if user2 my-attribute = 2
What method could I use for doing it also in reports and documents?
What you need here are the MicroStrategy Security Filters.
You can create two security filters, let call them:
MyAttributeEqual1
and
MyAttributeEqual2
Security Filters are pretty much similar to normal filters, so you can play with them and figure out the best condition you want to use.
Then you have to modify the users to assign the right filter.
In case you need you can assign Security Filters to a User Group and it will be applied to all users in that group.
Security filters will be added to the SQL code generate by MicroStrategy when you run a report and they will become an additional where condition.
A word of warning, be careful if you assign a security filter to an attribute and then you show data for a parent attribute, in that case the SQL engine will not apply the filter.