Search code examples
access-controlamazon-quicksightamazon-elasticsearch

AWS Quicksight Fine-grained access control document level security on Elasticsearch data

I have integrated AWS elasticsearch into AWS QuickSight, but we are attempting to only allow certain users to see certain data. For example

  • Users in group A would only be able to see data for records in the elasticsearch index that have record.group === 'A'
  • Users in group B would only be able to see data for records in the elasticsearch index that have record.group === 'B'

All data that a user "cannot see" should be hidden in visualizations for these users.

Is this possible? The security roles don't seem to be able to do this, so I'm wondering if there is something else that I'm missing

Solution

  • After some research, I've found this: https://docs.aws.amazon.com/quicksight/latest/user/restrict-access-to-a-data-set-using-row-level-security.html