access-control amazon-quicksight amazon-elasticsearch

AWS Quicksight Fine-grained access control document level security on Elasticsearch data

I have integrated AWS elasticsearch into AWS QuickSight, but we are attempting to only allow certain users to see certain data. For example

Users in group A would only be able to see data for records in the elasticsearch index that have record.group === 'A'
Users in group B would only be able to see data for records in the elasticsearch index that have record.group === 'B'

All data that a user "cannot see" should be hidden in visualizations for these users.

Is this possible? The security roles don't seem to be able to do this, so I'm wondering if there is something else that I'm missing

Solution

After some research, I've found this: https://docs.aws.amazon.com/quicksight/latest/user/restrict-access-to-a-data-set-using-row-level-security.html

Hasura conditional column-based access control
Azure SQL analysts can create views from forbidden cross database data
Protected and "package-private" visibility when inheriting from class in different package
How to restrict access by particular user to bucket using bucket level policy in MinIO?
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access
What is the simplest way to restrict access to a static website using social auth
AWS: Cross account access fails with not authorized to access this resource
Drupal 7 Access Callback Not Working Properly
Check if online resource is reachable with JavaScript, not requiring the The Same Origin Policy to allow it
Unable to View Roles in Storage Account in Azure getting Blank
Does anyone know details about PERM-AR-DO?
Creating a Limited Privilege PostgreSQL Role for Backend Server
Conditional Binding for Objects in Google Cloud Storage Buckets
Ajax API call Access-Control-Allow-Origin. Origin not allowed access
Cloud Run/Build artifacts buckets are created with Fine Grained access policy by default
ClickHouse SQL driven access control replication
Memory Access Control in Windows Memory Management
XACML how to efficiently control Access to Collections (Lists) of Resources
A MongoDB "userAdminAnyDatabase" user cannot admin users in "any database". Why?
Azure DevOps - Decode ACE permission bits
What is the difference between Policy Target and Rule Target in ALFA or XACML?
How to format Ceph S3 bucket-policy Principal?
MLRun, Role issue - Read only mode for Events, Identity, Grafana, etc
How to make an instance property only visible to subclass?
Symfony2 - set security access_control to allow only authenticated anonymously
Why do memberwise initializers become 'private' when the structure contains a private property?
How do I use Access-Control-Allow-Origin? Does it just go in between the html head tags?
Granular access to directories within monorepo
Auth0 access control
Property must be declared fileprivate because its type ... uses a private type