AWS Security ChangesHomeSearch

AWS redshift documentation change

Service: redshift · 2026-03-28 · Documentation low

File: redshift/latest/dg/r_USER_IS_MEMBER_OF.md

Summary

Added data sharing consideration section explaining that USER_IS_MEMBER_OF function evaluates using consumer cluster's security context when querying shared objects

Security assessment

This change clarifies security context behavior in data sharing scenarios but does not indicate a specific security vulnerability being fixed. It adds documentation about security implications of cross-cluster function evaluation.

Diff

diff --git a/redshift/latest/dg/r_USER_IS_MEMBER_OF.md b/redshift/latest/dg/r_USER_IS_MEMBER_OF.md
index 87f4fafde..0275cad57 100644
--- a//redshift/latest/dg/r_USER_IS_MEMBER_OF.md
+++ b//redshift/latest/dg/r_USER_IS_MEMBER_OF.md
@@ -16,0 +17,4 @@ Returns true if the user is a member of a role or group. Superusers can check th
+**Data sharing consideration**
+
+When a consumer cluster queries a shared object that references this function, such as a view, RLS policy, or DDM policy, the function evaluates using the consumer cluster's security context. The consumer's local users, roles, and group memberships determine the result, not those defined on the producer cluster. If you intend to enforce the same permissions context that is implemented on the producer, ensure that the corresponding role names, group names, and user memberships exist on the consumer cluster and match those on the producer.
+