Class: Aws::QuickSight::Types::GenerateEmbedUrlForAnonymousUserRequest
- Inherits:
-
Struct
- Object
- Struct
- Aws::QuickSight::Types::GenerateEmbedUrlForAnonymousUserRequest
- Includes:
- Structure
- Defined in:
- lib/aws-sdk-quicksight/types.rb
Overview
Constant Summary collapse
- SENSITIVE =
[]
Instance Attribute Summary collapse
-
#allowed_domains ⇒ Array<String>
The domains that you want to add to the allow list for access to the generated URL that is then embedded.
-
#authorized_resource_arns ⇒ Array<String>
The Amazon Resource Names (ARNs) for the Quick Sight resources that the user is authorized to access during the lifetime of the session.
-
#aws_account_id ⇒ String
The ID for the Amazon Web Services account that contains the dashboard that you're embedding.
-
#experience_configuration ⇒ Types::AnonymousUserEmbeddingExperienceConfiguration
The configuration of the experience that you are embedding.
-
#namespace ⇒ String
The Amazon Quick Sight namespace that the anonymous user virtually belongs to.
-
#session_lifetime_in_minutes ⇒ Integer
How many minutes the session is valid.
-
#session_tags ⇒ Array<Types::SessionTag>
Session tags are user-specified strings that identify a session in your application.
Instance Attribute Details
#allowed_domains ⇒ Array<String>
The domains that you want to add to the allow list for access to the generated URL that is then embedded. This optional parameter overrides the static domains that are configured in the Manage Quick Sight menu in the Amazon Quick Sight console. Instead, it allows only the domains that you include in this parameter. You can list up to three domains or subdomains in each API call.
To include all subdomains under a specific domain to the allow list,
use *. For example, https://*.sapp.amazon.com includes all
subdomains under https://sapp.amazon.com.
22847 22848 22849 22850 22851 22852 22853 22854 22855 22856 22857 |
# File 'lib/aws-sdk-quicksight/types.rb', line 22847 class GenerateEmbedUrlForAnonymousUserRequest < Struct.new( :aws_account_id, :session_lifetime_in_minutes, :namespace, :session_tags, :authorized_resource_arns, :experience_configuration, :allowed_domains) SENSITIVE = [] include Aws::Structure end |
#authorized_resource_arns ⇒ Array<String>
The Amazon Resource Names (ARNs) for the Quick Sight resources that the user is authorized to access during the lifetime of the session.
If you choose Dashboard embedding experience, pass the list of
dashboard ARNs in the account that you want the user to be able to
view.
If you want to make changes to the theme of your embedded content, pass a list of theme ARNs that the anonymous users need access to.
Currently, you can pass up to 25 theme ARNs in each API call.
22847 22848 22849 22850 22851 22852 22853 22854 22855 22856 22857 |
# File 'lib/aws-sdk-quicksight/types.rb', line 22847 class GenerateEmbedUrlForAnonymousUserRequest < Struct.new( :aws_account_id, :session_lifetime_in_minutes, :namespace, :session_tags, :authorized_resource_arns, :experience_configuration, :allowed_domains) SENSITIVE = [] include Aws::Structure end |
#aws_account_id ⇒ String
The ID for the Amazon Web Services account that contains the dashboard that you're embedding.
22847 22848 22849 22850 22851 22852 22853 22854 22855 22856 22857 |
# File 'lib/aws-sdk-quicksight/types.rb', line 22847 class GenerateEmbedUrlForAnonymousUserRequest < Struct.new( :aws_account_id, :session_lifetime_in_minutes, :namespace, :session_tags, :authorized_resource_arns, :experience_configuration, :allowed_domains) SENSITIVE = [] include Aws::Structure end |
#experience_configuration ⇒ Types::AnonymousUserEmbeddingExperienceConfiguration
The configuration of the experience that you are embedding.
22847 22848 22849 22850 22851 22852 22853 22854 22855 22856 22857 |
# File 'lib/aws-sdk-quicksight/types.rb', line 22847 class GenerateEmbedUrlForAnonymousUserRequest < Struct.new( :aws_account_id, :session_lifetime_in_minutes, :namespace, :session_tags, :authorized_resource_arns, :experience_configuration, :allowed_domains) SENSITIVE = [] include Aws::Structure end |
#namespace ⇒ String
The Amazon Quick Sight namespace that the anonymous user virtually
belongs to. If you are not using an Amazon Quick custom namespace,
set this to default.
22847 22848 22849 22850 22851 22852 22853 22854 22855 22856 22857 |
# File 'lib/aws-sdk-quicksight/types.rb', line 22847 class GenerateEmbedUrlForAnonymousUserRequest < Struct.new( :aws_account_id, :session_lifetime_in_minutes, :namespace, :session_tags, :authorized_resource_arns, :experience_configuration, :allowed_domains) SENSITIVE = [] include Aws::Structure end |
#session_lifetime_in_minutes ⇒ Integer
How many minutes the session is valid. The session lifetime must be in [15-600] minutes range.
22847 22848 22849 22850 22851 22852 22853 22854 22855 22856 22857 |
# File 'lib/aws-sdk-quicksight/types.rb', line 22847 class GenerateEmbedUrlForAnonymousUserRequest < Struct.new( :aws_account_id, :session_lifetime_in_minutes, :namespace, :session_tags, :authorized_resource_arns, :experience_configuration, :allowed_domains) SENSITIVE = [] include Aws::Structure end |
#session_tags ⇒ Array<Types::SessionTag>
Session tags are user-specified strings that identify a session in
your application. You can use these tags to implement row-level
security (RLS) controls. Before you use the SessionTags parameter,
make sure that you have configured the relevant datasets using the
DataSet$RowLevelPermissionTagConfiguration parameter so that
session tags can be used to provide row-level security.
When using SessionTags in GenerateEmbedUrlForAnonymousUser,
-
Treat
SessionTagsas security credentials. Do not exposeSessionTagsto end users or client-side code. -
Implement server-side controls. Ensure that
SessionTagsare set exclusively by your trusted backend services, not by parameters that end users can modify. -
Protect
SessionTagsfrom enumeration. Ensure that users in one tenant cannot discover or guess sessionTag values belonging to other tenants. -
Review your architecture. If downstream customers or partners are allowed to call the
GenerateEmbedUrlForAnonymousUserAPI directly, evaluate whether those parties could specify sessionTag values for tenants they should not access.
Besides, these are not the tags used for the Amazon Web Services resource tagging feature. For more information, see Using Row-Level Security (RLS) with Tags in the Amazon Quick User Guide.
22847 22848 22849 22850 22851 22852 22853 22854 22855 22856 22857 |
# File 'lib/aws-sdk-quicksight/types.rb', line 22847 class GenerateEmbedUrlForAnonymousUserRequest < Struct.new( :aws_account_id, :session_lifetime_in_minutes, :namespace, :session_tags, :authorized_resource_arns, :experience_configuration, :allowed_domains) SENSITIVE = [] include Aws::Structure end |