Certain reports in AWS QuickSight don't show up anymore after applying Row-level security. Instead of the visualisation a message appears:
We can't parse this SQL syntax. If you are using custom SQL, verify the syntax and try again. Otherwise, contact support.
Without Row-level security applied, or for specific users, the report shows as intended.
It appears that row-level security needs NULL values in the permissions dataset.
For example, if your permissions dataset has three columns "UserName", "location_id" and "role_id", the id columns need to be filled with either NULL or a specific id.
In case they are filled with NULL, and you grant permissions by default, if both id columns have NULL values this will give the username in question rights to see all data in the set. If the location_id has a value and the role_id is NULL, it will limit the set to the specified location, but it will allow it for all roles.
So far, so good. What happened in our case is that the values not only contained "NULL" values, but also NONE (empty) values. Ofcourse, this is not the same as NULL, and QuickSight will fail applying the permissions to the dataset.
The solutions is to check your permissions dataset, and make sure there are no empty strings ore None values in the columns that act as filters. These values should be NULL.