AWS Certified Big Data – Specialty — Question 25
Managers in a company need access to the human resources database that runs on Amazon Redshift, to run reports about their employees. Managers must only see information about their direct reports.
Which technique should be used to address this requirement with Amazon Redshift?
Answer options
- A. Define an IAM group for each manager with each employee as an IAM user in that group, and use that to limit the access.
- B. Use an Amazon Redshift snapshot to create one cluster per manager. Allow the manager to access only their designated clusters.
- C. Define a key for each manager in AWS KMS and encrypt the data for their employees with their private keys.
- D. Define a view that uses the employee’s manager name to filter the records based on current user names.
Correct answer: A
Explanation
Option A is correct because it allows for precise access control by tying each manager to their direct reports through IAM groups. The other options either create unnecessary complexity (B), do not provide appropriate access control (C), or do not offer a straightforward filtering mechanism (D) for the specific requirement of limiting access to direct reports.