Enabling trusted identity propagation with Amazon Redshift - Amazon QuickSight
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Enabling trusted identity propagation with Amazon Redshift

Trusted identity propagation is an Amazon IAM Identity Center feature that administrators of connected Amazon Web Services services can use to grant and audit access to service data. Access to this data is based on user attributes such as group associations. Setting up trusted identity propagation requires collaboration between the administrators of connected Amazon Web Services services and the IAM Identity Center administrators. For more information, see Prerequisites and considerations.

When trusted identity propagation is enabled, data consumer identities from QuickSight are propagated and logged in CloudTrail. This allows database administrators to centrally manage data security in Amazon Redshift and automatically apply all data security rules to data consumers in QuickSight.

The data source author can choose to apply additional row and column level security to the data sources that they create in Amazon QuickSight. Trusted identity propagation data sources are supported only in Direct Query datasets. SPICE datasets do not currently support trusted identity propagation.

Topics