AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-01-31 · Documentation medium

File: cli/latest/reference/quicksight/generate-embed-url-for-anonymous-user.md

Summary

Enhanced session tags documentation with security requirements for RLS implementation

Security assessment

Added security best practices for row-level security (RLS) implementation, including requirement for secure environment and access controls. No evidence of specific vulnerability being fixed.

Diff

diff --git a/cli/latest/reference/quicksight/generate-embed-url-for-anonymous-user.md b/cli/latest/reference/quicksight/generate-embed-url-for-anonymous-user.md
index 77bfa7faa..1681c1d52 100644
--- a//cli/latest/reference/quicksight/generate-embed-url-for-anonymous-user.md
+++ b//cli/latest/reference/quicksight/generate-embed-url-for-anonymous-user.md
@@ -15 +15 @@
-  * [AWS CLI 2.33.8 Command Reference](../../index.html) »
+  * [AWS CLI 2.33.12 Command Reference](../../index.html) »
@@ -146 +146 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/quicks
-> The session tags used for row-level security. Before you use this parameter, make sure that you have configured the relevant datasets using the `DataSet$RowLevelPermissionTagConfiguration` parameter so that session tags can be used to provide row-level security.
+> Session tags are user-specified strings that identify a session in your application. You can use these tags to implement row-level security (RLS) controls. Before you use the `SessionTags` parameter, make sure that you have configured the relevant datasets using the `DataSet$RowLevelPermissionTagConfiguration` parameter so that session tags can be used to provide row-level security.
@@ -148 +148,3 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/quicks
-> These are not the tags used for the Amazon Web Services resource tagging feature. For more information, see [Using Row-Level Security (RLS) with Tags](https://docs.aws.amazon.com/quicksight/latest/user/quicksight-dev-rls-tags.html) in the _Amazon Quick Sight User Guide_ .
+> When using session tags, you must call `GenerateEmbedUrlForAnonymousUser` from a secure, trusted environment. The API call passes session tags that enable server-side data redaction by using the row-level security (RLS) rules configured in your datasets. A secure, trusted environment has access controls that you implement. These controls ensure that only your server or authorized users can add or modify session tags.
+> 
+> Besides, these are not the tags used for the Amazon Web Services resource tagging feature. For more information, see [Using Row-Level Security (RLS) with Tags](https://docs.aws.amazon.com/quicksight/latest/user/quicksight-dev-rls-tags.html) in the _Amazon Quick Suite User Guide_ .
@@ -528 +530 @@ AnonymousUserArn -> (string)
-  * [AWS CLI 2.33.8 Command Reference](../../index.html) »
+  * [AWS CLI 2.33.12 Command Reference](../../index.html) »