I’ve run into a really peculiar set of constraints. Trying to understand why is this a limitation and if there are any work arounds.
I am getting the following error:
Invalid request provided: Resultant state of actions on this resource is not supported.
Valid states:
[
"quicksight:DescribeDataSet",
"quicksight:DescribeDataSetPermissions",
"quicksight:PassDataSet",
"quicksight:DescribeIngestion",
"quicksight:ListIngestions"
]
or
[
"quicksight:DescribeDataSet",
"quicksight:DescribeDataSetPermissions",
"quicksight:PassDataSet",
"quicksight:DescribeIngestion",
"quicksight:ListIngestions",
"quicksight:UpdateDataSet",
"quicksight:DeleteDataSet",
"quicksight:CreateIngestion",
"quicksight:CancelIngestion",
"quicksight:UpdateDataSetPermissions"
]
I am attempting to create an “almost owner” permission, which is basically everything an owner can do, with the exception of being able to delete the datasets, as we want to manage them as code and I’d like to prevent accidental deletions.
These are the permissions when a group is set as an owner:
quicksight:ListIngestions
quicksight:DeleteDataSet
quicksight:UpdateDataSetPermissions
quicksight:CancelIngestion
quicksight:DescribeDataSetPermissions
quicksight:UpdateDataSet
quicksight:DescribeDataSet
quicksight:PassDataSet
quicksight:DescribeIngestion
quicksight:CreateIngestion
I am removing the quicksight:DeleteDataSet
action:
quicksight:ListIngestions
- quicksight:DeleteDataSet
quicksight:UpdateDataSetPermissions
quicksight:CancelIngestion
quicksight:DescribeDataSetPermissions
quicksight:UpdateDataSet
quicksight:DescribeDataSet
quicksight:PassDataSet
quicksight:DescribeIngestion
quicksight:CreateIngestion
And getting the error above.
I think it’s a really weird limitation and it does not make sense to me as both the end user and as a devops professional.
Why wouldn’t a user be able to refresh a data set, without being able to delete it?