I have a scenario where I need to list down the reports/dashboards of a particular user in QuickSight,
Let say I am the QuickSight admin and I have created 100 paginated Report, I have shared 10 reports with User1, 10 reports with User2! Now In my web application I want to show the 10 reports that are assigned to User1 when User1 logs into the system!
I see there is ListAnalyses and ListDashboard APIs but the API result doesnt have any information of who all has access to it ? or who created it, there is no such info! So what could be the best way to get the reports/dashboards for a particular user
Hi @kodimalar.sakthivel - Thanks for posting this question.
Can you please give more details on your requirement.
Are you looking for details who created the dashboard, which user have get the access ? If yes, you can create a python custom program and using @Max suggestion, you can extract list of dashboard and do a loop and extract other information from Describe dashboard permissions.
Let’s say a user A have access to dashboard but never login and not access the dashboard, if you are looking for the details who are people get the access and actually access and see and download things from QuickSight, Quiksight API will not help you. In that case you need develop a data pipeline ( like collect all cloudtrail logs, filter quicksight api, then parse and clean some data points and create an atena or relational table and create a quicksight report out of it). This kind of report can help us if you want to see who have access and when some one access the PII data elements as well… But this require good amount of processing and establish a pipeline e2e.
In describeDashboardPermission API i dont see any user related Info, just the principle and action are listed on the response of the API!
So basically my scenario will be like both ways some users will login to quicksight and manipulate things on the dashboard, Some users might just access the Embedded Dashboard.
So we are developing a web application where I will embed the dashboard and view it, certain users will have more than view access they will modify the dashboard, we will give the embedded console view for them! Since the application is multi tenant and has got different roles who can just view the dashboard and some can edit the dashboard. Lets say am tenant A, when I logged in I will want to see the dashboard which are applicable only to tenant A and according to the logged in user I may need to show only the read only view of the dashboard or console view!
If i know how the dashboard and user are related , it will be easy for me to show the read-only view vs edit view!
@kodimalar.sakthivel We have a similar use case in our application. It is multi-tenant. Quick description of part of what we did:
For each Tenant we created a QuickSight Group, and a Shared Folder which for only that Group has permissions.
We structured the Shared folder with 3 main subfolders, Datasets, Analysis and Dashboards.
We then wrapped the QuickSight API in a Lambda that the web application calls that will accept either a Group Name and “root” or a Folder Name and then list the dashboard contents of the Folder. Note that “root” is the GroupName/Dashboards shared folder.
If the User withing the tenant is a “READ” user, then we embed the Dashboard in the App. If they are a “AUTHOR” they can either look the Dashboards embedded or they have the option of opening an embedded console.