I have a use-case where we want to have data sets available to all users. There is some publicly available data that can be used to enrich what our users have. So by default, we want to give everyone access to these datasets. I know you can use shared folders, but they’re really only for discoverability. Is there an equivalent for the code snippet below with groups?
    permissions {
      principal = "arn:aws:quicksight:us-east-1:${var.aws_account_id}:group/default/all-users"
      actions = [
        "quicksight:DescribeFolder"
      ]
    }
It seems unreasonable that the only way I can find to do this is to pull all users from the API and then keep them in sync across a bunch of groups (there is a group membership limit). This basically means a continuous job which is constantly making list user requests or coupling it with EventBridge. You do also need to add all groups to the permissions of each of the assets that are being shared with everyone whenever a new group is created…
For more context, this is a web application that wraps around QuickSight. We have users that span many different products and they use our application as a centralized spot to see data. They all have unique permissions that come from the applications that their data is from. We handle those permissions through groups.
The other part of this is that our CI/CD is in Terraform for deploying, and that is how we are creating some of the simple datasets for global use. It would be really nice if we could just use a single principal to add all the users this way… Does anything like this exist, or do I need to build an equivalent?
Thanks,