From bf5554249fb47e8308974d4ca90304fe85c71642 Mon Sep 17 00:00:00 2001
From: Jeff Bruemmer <jeff.bruemmer@gmail.com>
Date: Mon, 19 Feb 2024 12:15:38 -0500
Subject: [PATCH] docs - redshift impersonation access (#38734)

---
 docs/permissions/data.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/docs/permissions/data.md b/docs/permissions/data.md
index 697dace0384..564a4158282 100644
--- a/docs/permissions/data.md
+++ b/docs/permissions/data.md
@@ -61,7 +61,7 @@ Note that [Block](#block-access) access is unavailable for individual tables/sch
 
 {% include plans-blockquote.html feature="Impersonation access" %}
 
-> For now, impersonation access is only available for PostgreSQL, and Snowflake.
+> For now, impersonation access is only available for PostgreSQL, Redshift, and Snowflake.
 
 **Impersonation access** allows you to associate user attributes with database-defined roles and their privileges. Metabase queries made by people with attributes that you define will respect the grants given to the database roles.
 
@@ -75,13 +75,16 @@ Connection impersonation does not apply to users in the Metabase admins group, a
 
 ### Setting up connection impersonation
 
+> **For impersonation to work for Redshift databases, the user account Metabase uses to [connect to your Redshift database](../databases/connections/redshift.md) must be a superuser, as Metabase will need to be able to run the [SET SESSION AUTHORIZATION](https://docs.aws.amazon.com/redshift/latest/dg/r_SET_SESSION_AUTHORIZATION) command, which can only be run by a database superuser.
+
 **In your database:**
 
-- Create a new role.
+- Create a new role (in Redshift, this would be a new user).
 - Grant that role privileges.
 
 For exactly how to create a new role in your database and grant that role privileges, you'll need to consult your database's documentation. We also have some docs on [users, roles, and privileges](../databases/users-roles-privileges.md) that can help you get started.
 
+
 **In your Metabase:**
 
 - Create a [new group](../people-and-groups/managing.md#groups), or select an existing group.
-- 
GitLab