AWS cli documentation change
Summary
Enhanced session tags documentation with security requirements for RLS implementation
Security assessment
Added security best practices for row-level security (RLS) implementation, including requirement for secure environment and access controls. No evidence of specific vulnerability being fixed.
Diff
diff --git a/cli/latest/reference/quicksight/generate-embed-url-for-anonymous-user.md b/cli/latest/reference/quicksight/generate-embed-url-for-anonymous-user.md index 77bfa7faa..1681c1d52 100644 --- a//cli/latest/reference/quicksight/generate-embed-url-for-anonymous-user.md +++ b//cli/latest/reference/quicksight/generate-embed-url-for-anonymous-user.md @@ -15 +15 @@ - * [AWS CLI 2.33.8 Command Reference](../../index.html) » + * [AWS CLI 2.33.12 Command Reference](../../index.html) » @@ -146 +146 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/quicks -> The session tags used for row-level security. Before you use this parameter, make sure that you have configured the relevant datasets using the `DataSet$RowLevelPermissionTagConfiguration` parameter so that session tags can be used to provide row-level security. +> Session tags are user-specified strings that identify a session in your application. You can use these tags to implement row-level security (RLS) controls. Before you use the `SessionTags` parameter, make sure that you have configured the relevant datasets using the `DataSet$RowLevelPermissionTagConfiguration` parameter so that session tags can be used to provide row-level security. @@ -148 +148,3 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/quicks -> These are not the tags used for the Amazon Web Services resource tagging feature. For more information, see [Using Row-Level Security (RLS) with Tags](https://docs.aws.amazon.com/quicksight/latest/user/quicksight-dev-rls-tags.html) in the _Amazon Quick Sight User Guide_ . +> When using session tags, you must call `GenerateEmbedUrlForAnonymousUser` from a secure, trusted environment. The API call passes session tags that enable server-side data redaction by using the row-level security (RLS) rules configured in your datasets. A secure, trusted environment has access controls that you implement. These controls ensure that only your server or authorized users can add or modify session tags. +> +> Besides, these are not the tags used for the Amazon Web Services resource tagging feature. For more information, see [Using Row-Level Security (RLS) with Tags](https://docs.aws.amazon.com/quicksight/latest/user/quicksight-dev-rls-tags.html) in the _Amazon Quick Suite User Guide_ . @@ -528 +530 @@ AnonymousUserArn -> (string) - * [AWS CLI 2.33.8 Command Reference](../../index.html) » + * [AWS CLI 2.33.12 Command Reference](../../index.html) »