Data Security

In this module, we will use the dataset and analysis that you created in Module 1 (Build your first dashboard).

QuickSight supports both Row and Column level data security.

Row Level Security (RLS)
There are lot of scenarios wherein you want to share a standard dashboard with a wide audience but want them to see only data that is relevant to each of them. For example, you might want to let each sales rep see his/her sales data, the state manager to see data for all reps that roll up to him/her and country manager to see data for whole country. This can be easily accomplished by building a single dashboard on top of dataset that is secured with RLS rules.
QuickSight allows you to bring in data rules that specify the access levels at user and group level.
These rules can be pulled in from any source that we support for regular data (Say S3, RedShift, RDS etc)
If you are using QuickSight in a single tenant mode (with default namespace), you can use UserName and GroupName in laying out the data access rules. In Multitenant mode (with one namespace per tenant), use the UserArn and GroupArn instead as these will help uniquely identify users and groups across your entire account.

Since RLS is applied at dataset level, it helps you secure all analyses and dashboards built out from the dataset already as well as any subsequent builds.

Column Level Security (CLS)
You might have a bunch of fields with sensitive information (like SSN, Salary, Address etc) in your dataset that you want only users with elevated privileges to see. You can set this up by applying CLS on the dataset. Users who have been granted access to all fields will be able to see all visuals in the dashboards/analyses that are shared with them.
Other users, who have access to dashboards/analysis built from this dataset, but haven’t been given access to sensitive fields, will see visuals that use regular fields; For visuals that use the secured fields in group by capacity, they will see a message that the visual can’t be displayed as it uses a restricted field; For tables that use the restricted fields in raw/ungrouped mode, they will see just the restricted columns marked as unavailable while other columns show data.