AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2025-11-07 · Documentation medium

File: cli/latest/reference/quicksight/search-data-sets.md

Summary

Added documentation for new RowLevelPermissionDataSetMap configuration in data preparation experience and updated CLI version

Security assessment

Introduces documentation for row-level security (RLS) configuration in the new data preparation experience, including permissions policies and access control mechanisms. This clarifies security controls but does not indicate a security issue fix.

Diff

diff --git a/cli/latest/reference/quicksight/search-data-sets.md b/cli/latest/reference/quicksight/search-data-sets.md
index 1ccaf0296..1a38e299f 100644
--- a//cli/latest/reference/quicksight/search-data-sets.md
+++ b//cli/latest/reference/quicksight/search-data-sets.md
@@ -15 +15 @@
-  * [AWS CLI 2.31.28 Command Reference](../../index.html) »
+  * [AWS CLI 2.31.31 Command Reference](../../index.html) »
@@ -354 +354 @@ DataSetSummaries -> (list)
->>> The row-level security configuration for the dataset.
+>>> The row-level security configuration for the dataset in the legacy data preparation experience.
@@ -404,0 +405,70 @@ DataSetSummaries -> (list)
+>> 
+>> RowLevelPermissionDataSetMap -> (map)
+>>
+>>> The row-level security configuration for the dataset in the new data preparation experience.
+>>> 
+>>> key -> (string)
+>>>
+>>>> Constraints:
+>>>> 
+>>>>   * min: `1`
+>>>>   * max: `64`
+>>>>   * pattern: `[0-9a-zA-Z-]*`
+>>>> 
+
+>>> 
+>>> value -> (structure)
+>>>
+>>>> Information about a dataset that contains permissions for row-level security (RLS). The permissions dataset maps fields to users or groups. For more information, see [Using Row-Level Security (RLS) to Restrict Access to a Dataset](https://docs.aws.amazon.com/quicksight/latest/user/restrict-access-to-a-data-set-using-row-level-security.html) in the _Quick Sight User Guide_ .
+>>>> 
+>>>> The option to deny permissions by setting `PermissionPolicy` to `DENY_ACCESS` is not supported for new RLS datasets.
+>>>> 
+>>>> Namespace -> (string)
+>>>>
+>>>>> The namespace associated with the dataset that contains permissions for RLS.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * max: `64`
+>>>>>   * pattern: `^[a-zA-Z0-9._-]*$`
+>>>>> 
+
+>>>> 
+>>>> Arn -> (string) [required]
+>>>>
+>>>>> The Amazon Resource Name (ARN) of the dataset that contains permissions for RLS.
+>>>> 
+>>>> PermissionPolicy -> (string) [required]
+>>>>
+>>>>> The type of permissions to use when interpreting the permissions for RLS. `DENY_ACCESS` is included for backward compatibility only.
+>>>>> 
+>>>>> Possible values:
+>>>>> 
+>>>>>   * `GRANT_ACCESS`
+>>>>>   * `DENY_ACCESS`
+>>>>> 
+
+>>>> 
+>>>> FormatVersion -> (string)
+>>>>
+>>>>> The user or group rules associated with the dataset that contains permissions for RLS.
+>>>>> 
+>>>>> By default, `FormatVersion` is `VERSION_1` . When `FormatVersion` is `VERSION_1` , `UserName` and `GroupName` are required. When `FormatVersion` is `VERSION_2` , `UserARN` and `GroupARN` are required, and `Namespace` must not exist.
+>>>>> 
+>>>>> Possible values:
+>>>>> 
+>>>>>   * `VERSION_1`
+>>>>>   * `VERSION_2`
+>>>>> 
+
+>>>> 
+>>>> Status -> (string)
+>>>>
+>>>>> The status of the row-level security permission dataset. If enabled, the status is `ENABLED` . If disabled, the status is `DISABLED` .
+>>>>> 
+>>>>> Possible values:
+>>>>> 
+>>>>>   * `ENABLED`
+>>>>>   * `DISABLED`
+>>>>> 
+
@@ -446 +516 @@ RequestId -> (string)
-  * [AWS CLI 2.31.28 Command Reference](../../index.html) »
+  * [AWS CLI 2.31.31 Command Reference](../../index.html) »