Register User with IdentityType "QUICKSIGHT" with JAVA SDK

Hi,
I am getting below exception when registering User with type Quicksight . I have below policy attached to the my app service role.
{
“Action”: “quicksight:RegisterUser”,
“Resource”: “*”,
“Effect”: “Allow”
}

Error:

Account {{accountId}} is not authorized to create Quicksight identityType user.AWS account id: {{accountId}} , Namespace: default. (Error code: 401)

I am also getting 403 for for ListUser operation
{
“Action”: “quicksight:ListUsers”,
“Resource”: “*”,
“Effect”: “Allow”
}

is not authorized to perform: quicksight:ListUsers on resource: arn:aws:quicksight:us-east-2:{{accountId}}:user/default/* because no identity-based policy allows the quicksight:ListUsers action (Service: AmazonQuick Sight; Status Code: 403; Error Code: AccessDeniedException)",
    "messages": [
        null
    ]

@sav0819 ,

I believe your Quick Sight account does not have the ability to invite users ( In Quick Sight > Manage Quick Sight > Manage Users > Invite Users) .

Identity Type QUICKSIGHT is only available when you choose * Use IAM federated identities and Quick Sight-managed users during sign up of Quick Sight ( Signing up for an Amazon QuickSight subscription - Amazon QuickSight )

How are your current users accessing Quick Sight ?

yes we used IAM federated identities and Quick Sight-managed users during sign up of Quick Sight.

Can you share me the required policy to list register users from my application service role.
Do we need to have “quicksight:CreateAdmin” policy to register and list users?

Hello @sav0819, I think the issue here is that you cannot use IdentityType QUICKSIGHT when you are creating users through IAM. This is for users created directly in Quick Sight. You are going to need to use either IAM or IAM_IDENTITY_CENTER. I’ll attach the documentation that contains more information about this process.

I am going to mark this as a solution, if you have further questions, please let me know!