1. Managing Groups or 2. Mock View of user possible?

Hello,

I’m trying to roll out some views I have : to different stake-holders and with their parameters (group-default setting) they should only see their data separately. I would like to make sure that this works (For example if the user is not in any group what they see, if user is in more than one group by accident what they see) but I’m having a lot of difficulty with it.

Currently I have over 100+ groups created and have one of my test email account and am moving in groups to figure out what happens when and it’s not working well because sometimes the changes in groups do not take immediate affect on these and I’m not really sure what group I put this test email under - (I lost track) and not sure what the best way to figure this out.

So the question is:

  1. How do you manage this? As far as I know, there is no table or anything I can view to see what member is under what group and I have to check each group to figure out?

  2. Is there any function there that as a administrator to go in to see what a certain user is supposed to see - I really fear about users accidentally seeing other views that they should not be seeing?

Thank you,

1 Like

Are you using groups to control what dashboards each user can see or are you using them for row-level security (i.e. to control what each user can see inside a dashboard), or both?

1 Like

I’m not using row level security because I need to compare theirs VS total with flexibility of date-range and different filtering, but kind of similar in a way that each group users will see different values from their group using below:
image

  • and that parameter value is used in multiple calculated field that shows in their analysis. - like their $, Qtys, Ratios, etc. I hope it makes sense.

That makes sense. If you want to see a list of all the groups that a user belongs to, the only way I can think of is to use the API.

If you want to view a dashboard as another user, the easiest way is to put yourself in each group one at a time and view the dashboard. The other way I’ve done it before is by using the API. If you have the dashboard id and the user’s QuickSight username, you can use the API to get an embed URL. You can then put that URL in your browser to see what they would see.

2 Likes

Hi @Liz! Did David’s reply help? Hope so! If so, could you let us know by marking it as solution? Thanks!

Thanks David. Krisitin, they both require going through API which taking a bit of learning curve for me - I can only put as solution after going through this and confirm it working for me - which will take some time. By the way, Why was this unlisted?

Thanks, @Liz Keep us posted on whether David’s solution works. I had bookmarked and unlisted as a reminder to check for a status update today. I have re-listed this based on what you shared. Thanks, Liz!

Thanks - I had some help from a friend - modified a python code working :

import boto3

client = boto3.client(‘quicksight’)
un = input(“Type Username:”)

response = client.list_user_groups(
UserName=un,
AwsAccountId=‘XXXXX’,
Namespace=‘default’
)

for group in response[“GroupList”]:
print(f’Group: {un, group[“GroupName”]}')

but now I’m stuck when I want to loop through all users since I have over 100 users and I’m stuck at the next token part and cannot get over it. Lot’s of learning required for not a complicated request - Would be nice to have a table somewhere I can just pull this easiliy.

Hi @Liz. Thank you for sharing this for the Community. I have pinged one of our solution architects to see if they can take a look at this on Monday.

Hello @Liz in this case to get a list of the groups that each user belongs you will need to iterate user by user and then list the groups.

You can do it using the SDKs (boto3 for python) or also (maybe you find it easier) you can use the aws cli to create a very simple shell script (this example would be for Linux) to iterate on the users and then get the groups:

#!/bin/bash

for username in `aws quicksight list-users --aws-account-id 622380714022 --namespace default --region us-east-1 --output text --query UserList[*].UserName`
do
        aws quicksight list-user-groups --aws-account-id 622380714022 --user-name $username --namespace default --region us-east-1 --output table --query GroupList
done

that will output one table for each user with the list of groups it belongs to.

Hope you find this info useful.

Thank you, regards.

1 Like