Custom permissions without any effect on Embedded console

Hello,

I’m trying to embed Quicksight console on an application.
I don’t want users to be able to create dataset & analysis so I have created a custom profile with custom permissions disabling dataset/analysis creation.
I have assigned it to users but i can still see Dataset&Analysis items in left menu.
I don’t know what i am missing?
Need help please :slight_smile:
Thanks

My CLI commands:

#Create namespace
aws quicksight create-namespace --aws-account-id X --namespace test --identity-store QUICKSIGHT

#Create user
aws quicksight register-user --identity-type QUICKSIGHT --email test2@test.com --user-name test2 --user-role AUTHOR --aws-account-id X --namespace test

#Create custom profile (APP_REPORTER) on AWS console with following permissions : Restrict exporting data from visuals to CSV, Restrict exporting data from visuals to Excel, Restrict sharing analyses, Restrict sharing dashboards

#Add custom profile to user
aws quicksight update-user --email test2@test.com --user-name test2 --role AUTHOR --custom-permissions-name APP_REPORTER --aws-account-id X --namespace test

#Generate Embeded URL
aws quicksight generate-embed-url-for-registered-user --user-arn arn:aws:quicksight:eu-west-1:X:user/test/test2 --experience-configuration QuickSightConsole={InitialPath=/start} --aws-account-id X

Hi spahlala,

Looks like you dont want users to create and update datasets and analysis. Are these users readers in that case and are they provisioned as authors in your account?

For datasets restriction you would also need to select “Creating and updating all datasets” when creating a custom permission set.

Thanks

Hi agmayan,

You put me in the good direction…
My mistake simply was that I haven’t understand how the “Custom permission” screen works…
I selected all permissions to assign them to the profile but in fact this is the opposite : any option that is not selected is allowed.

Thanks :slight_smile:

Thanks for the update. Glad we could help.