Can't see new users on 'Manage users'

I use SSO with google workspace.
Normally, I can see a new user after this user sign in QuickSight through SSO.
Suddenly, I can’t see 2 of new user as below image. This message is ‘Showing 1 - 44 of 46 users’. Why I can’t see 2 users?

Do you have any of the filters applied on the top?

Otherwise it could be that you have 2 other users in another namespace (dont know this for sure).

Unfortunately, I don’t apply any filters. :cry:

I would be curious if you ran the list-users API/CLI call if all 46 show up or not. Might reveal the problem users (maybe their IAM role got deleted or something…?)

https://docs.aws.amazon.com/cli/latest/reference/quicksight/list-users.html

1 Like

When I ran the list-users CLI call, all 46 users show up.
I’m using google SSO. They sign in QuickSight using the below policy. There was nothing problem so far. Suddenly, this problem happened.
What changes have you lately?

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "quicksight:CreateReader"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:quicksight::{{aws-account-id}}:user/*"
            ]
        }
    ]
}

Hi Asher,

List-users API call is expected to return the full list. Glance through the list to see if any stand out. Usually, if the IAM role backing an user is deleted, the user will show in the list-users output with N/A in the arn and user name fields. It could be such users that you are missing from UI. (If the role was created again in IAM with same name and the user logged in afterwards, it still creates a new user in QuickSight - as role id changed and it is part of QuickSight user principal id. If this is the case, you can delete the N/A instance of the users using delete-user-by-principal-id API).

If you don’t see any users with N/A arn/username, compare list-users output with the UI list to find the ones that are missing in UI. Confirm that their IAM role is still active, those users are able to access QuickSight and cut a support ticket for dev team to dig deeper into why those two users are not showing up in the UI (Include account and user details in the ticket).

Here are the steps for opening a support ticket - Creating support cases and case management - AWS Support. If your company has someone who manages your AWS account, you might not have direct access to AWS Support and will need to raise an internal ticket to your IT team or whomever manages your AWS account. They should be able to open an AWS Support case on your behalf

I’m marking this as solution to your issue. If you above mentioned details doesn’t help/address your issue, feel free to revert the solution flag.

Regards,
Arun Santhosh