If QuickSight was set up using AD authentication where each of the QuickSight roles are assigned to an AD group when a user is assigned to for example the reader’s AD group as well as the author’s AD group, will they be charged as both a reader and author in QuickSight?
Thank you for posting.
You will only be charged with the role with the highest level of access. In this case, you will be charged just as an author.
Regards,
Demola
Thanks for that Demola.
Going on from my previous question, if a user was assigned to two AD groups say for example reader and author, and we remove them from the author’s AD group (after moving assets that they are the owner of to the Admin group in QuickSight). Will the user when they log in again now be charged as a reader?
Hello Glenvill,
Answer is Yes/No and i think depends on below,
With IAM Identity Center integrated into your QuickSight account or Active Directory users, you can change a user’s role type by moving them to a group that is associated with a different QuickSight role. If a user is in multiple groups that are mapped to different QuickSight role types, the user is able to access QuickSight with the role that offers the broadest level of access.
Accounts that use other identity types can’t upgrade or downgrade a user by transferring them between groups. For more information, see Changing a user’s role.
QuickSight may still charge for author until the month passes and the following month it will be charge as reader.
you may check the user role via cli to confirm what role it has post changes
refer - list-users — AWS CLI 1.38.8 Command Reference
Hope this clears your doubt.
Cheers,
Deep