Group operations are not enabled for this account

jolivares · June 21, 2022, 12:45pm

I’m getting this error when using aws cli to list groups:

aws quicksight list-groups --aws-account-id xxxxxxxxx --namespace default

An error occurred (AccessDeniedException) when calling the ListGroups operation: Group operations are not enabled for this account.

When using the UI I get: ‘You are not authorized to list groups’.

In both cases I assume an aws role when connecting which have the following policies:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "quicksight:CreateGroup",
                "quicksight:ListGroups",
                "quicksight:DeleteGroup",
                "quicksight:UpdateGroup",
                "quicksight:DescribeGroup"
            ],
            "Resource": "arn:aws:quicksight:*:xxxxxxxxx:group/*"
        }
    ]
}

What could be the problem here? Is there anywhere I could get more info about the root cause?

Koushik_Muthanna · June 23, 2022, 9:09pm

Hi,

How are users and groups managed ? ( QuickSight Managed or AD managed ? ) . If AD managed , it will not be possible for public group api to list.

Regards,
Koushik

jolivares · June 27, 2022, 6:14am

How are users and groups managed ? ( QuickSight Managed or AD managed ? )

They are QuickSight Managed.

BTW I’ve tried creating a new namespace and it works OK using the API. So the problem seems to be related to the default namespace.