AWS quicksight documentation change
Summary
Updated trusted identity propagation documentation to clarify it's an IAM Identity Center feature, added prerequisites section reference, and restructured implementation details
Security assessment
The changes enhance documentation about security features (identity propagation, CloudTrail logging, centralized security management) but don't address a specific vulnerability. Added emphasis on audit capabilities and attribute-based access aligns with security best practices.
Diff
diff --git a/quicksight/latest/user/redshift-trusted-identity-propagation.md b/quicksight/latest/user/redshift-trusted-identity-propagation.md index 7ff52c269..5dbcdd402 100644 --- a//quicksight/latest/user/redshift-trusted-identity-propagation.md +++ b//quicksight/latest/user/redshift-trusted-identity-propagation.md @@ -7 +7 @@ -Trusted identity propagation authenticates the end user in Amazon Redshift when they access QuickSight assets that leverage a trusted identity propagation enabled data source. When an author creates a data source with trusted identity propagation, the identity of the data source consumers in QuickSight is propagated and logged in CloudTrail. This allows database administrators to centrally manage data security in Amazon Redshift and automatically apply all data security rules to data consumers in QuickSight. With other authentication methods, the data permissions of the author who created the data source are applied to all data source consumers. The data source author can choose to apply additional row and column level security to the data sources that they create in Amazon QuickSight. +[Trusted identity propagation](https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-overview.html) is an AWS IAM Identity Center feature that administrators of connected AWS services can use to grant and audit access to service data. Access to this data is based on user attributes such as group associations. Setting up trusted identity propagation requires collaboration between the administrators of connected AWS services and the IAM Identity Center administrators. For more information, see [Prerequisites and considerations](https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-overall-prerequisites.html). @@ -9 +9,3 @@ Trusted identity propagation authenticates the end user in Amazon Redshift when -Trusted identity propagation data sources are supported only in Direct Query datasets. SPICE datasets do not currently support trusted identity propagation. +When trusted identity propagation is enabled, data consumer identities from QuickSight are propagated and logged in CloudTrail. This allows database administrators to centrally manage data security in Amazon Redshift and automatically apply all data security rules to data consumers in QuickSight. + +The data source author can choose to apply additional row and column level security to the data sources that they create in Amazon QuickSight. Trusted identity propagation data sources are supported only in Direct Query datasets. SPICE datasets do not currently support trusted identity propagation.