Deny creation of data source

Is there any way to deny users impersonating a certain role the creation of their own data sources?
Background: For compliance reasons we need users to use pre-defined data sources to access Athena and prevent them from defining their own.

I tried to modify the role's policy like this:

Effect: Deny
Action:
- quicksight:CreateDataSource
- quicksight:DeleteDataSource
- quicksight:UpdateDataSource
- quicksight:UpdateDataSourcePermissions
Resource:
- arn:aws:quicksight:eu-west-1:999999999999:datasource/*

This does not seem to have any effect though.

Hello @d_markow,

IAM policies and QuickSight user permissions are used for different things. To restrict access to QuickSight users, have you looked at creating custom permissions and assigning them to your users?

Hope this helps!

Kind regards,
Andres.

This helps - thank you.
It is unfortunate that the assignment of the custom permission can’t be done in the UI. This would give business users more control as they are often unfamiliar with the command line.
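
Assigning a custom permissions profile from the command line, as discussed above, can be scripted for every user federated through one IAM role. This is an added example, not part of the original thread or AWS's own code; it assumes a profile that restricts data source creation already exists, and the profile name `no-datasource-create` and role name `AthenaAnalysts` are hypothetical.

```shell
#!/bin/sh
# Added example: apply an existing QuickSight custom permissions profile to
# every QuickSight user that signs in through one IAM role.
# Assumption: the profile already exists and restricts data source creation.
# Example call (role and profile names are hypothetical):
#   apply_profile 999999999999 default AthenaAnalysts no-datasource-create

# Usage: apply_profile ACCOUNT_ID NAMESPACE IAM_ROLE_NAME PROFILE_NAME
# Prints the number of users that were updated.
apply_profile() {
    account=$1 namespace=$2 role_name=$3 profile=$4
    changed=0
    tab=$(printf '\t')

    # One tab-separated line per user: name, email, role, current profile.
    # A user without a profile shows up as "None" in text output.
    users=$(aws quicksight list-users \
        --aws-account-id "$account" --namespace "$namespace" \
        --query 'UserList[].[UserName,Email,Role,CustomPermissionsName]' \
        --output text) || return 1

    while IFS="$tab" read -r name email role current; do
        # IAM-federated users are named "<iam-role-name>/<session-name>".
        case $name in
            "$role_name"/*) ;;
            *) continue ;;
        esac
        # Skip users that already carry the profile.
        [ "$current" = "$profile" ] && continue

        # update-user requires email and role, so pass the existing values
        # back unchanged and only add the custom permissions profile.
        aws quicksight update-user \
            --aws-account-id "$account" --namespace "$namespace" \
            --user-name "$name" --email "$email" --role "$role" \
            --custom-permissions-name "$profile" >/dev/null || return 1
        changed=$((changed + 1))
    done <<EOF
$users
EOF
    echo "$changed"
}
```

Because federated users are created on first sign-in, the function has to be re-run (for example on a schedule) to cover users who appear later.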

Hello,

I am glad this helps and is the functionality you were looking for.

At AWS, our roadmap is primarily driven by our customers. Your feedback helps us build a better service. I have tagged this as a feature request.

Kind regards,
Andres.
