- Newest
- Most votes
- Most comments
Create set of IAM roles based on user persona's and grant access to those data elements from Lake Foramtion to grant safer access to sensitive datasets. In turn those users can use same IAM role to create QuickSight or other dashboards using Athena as a soruce.
map these roles to on-prem AD group in case they are using Single-Sign-on.
Currently, you need to define each filter via the console or the APIs , ad then assign the permissions to each Roles , as you mentioned.
An example implementation is describe in this blog post.
If your customers need access to the their full partition, you grant access only via that specific web-app, and there is no need for additional filters at rows or cell level, you may not need to go for row or cell filtering.
Relevant content
- Accepted Answerasked a year ago
- Accepted Answerasked 5 months ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 4 years ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 2 years ago
Please, note the question is if there is a different way to define the filters that is more dynamic.