Restricted folder: unable to create membership

Question & Answer
,
1

I get following error when trying to create membership in a restricted folder via cli

aws quicksight create-folder-membership --aws-account-id xxxxxxxxxx --folder-id folder-restricted --member-id dataset-123 --member-type DATASET

An error occurred (InvalidParameterValueException) when calling the CreateFolderMembership operation: Unsupported operation on Restricted Folder folder-restricted

Also when logged in as the below user with said permissions I don’t see an option to create inside the empty restricted folder
aws quicksight describe-folder-permissions --aws-account-id xxxxxxxxxxxxxxxxx --folder-id folder-restricted

{
    "Status": 200,
    "FolderId": "restricted",
    "Arn": "arn:aws:quicksight:us-east-1:xxxxxxxxxxxxxxxxx:folder/folder-restricted",
    "Permissions": [
        {
            "Principal": "arn:aws:quicksight:us-east-1:xxxxxxxxxxxxxxxxx:user/default/user@email.com",
            "Actions": [
                "quicksight:CreateFolder",
                "quicksight:DescribeFolder",
                "quicksight:CreateFolderMembership",
                "quicksight:DeleteFolderMembership",
                "quicksight:DescribeFolderPermissions"
            ]
        }
    ],
    
}

What am I doing wrong

2

Hi @tlm234

your call has --folder-id folder-restricted but in the permission you have "FolderId": "restricted"can you check that?

BR

4

Fixed the typo. I did cleanup sensitive info before posting and might have accidentally edited that

5

Bump. This is still an issue

6

@tlm234

With QuickSight Restricted Shared folder provides a secure way to develop and govern very high sensitive datasources and related assets. please find more details in the below documentation page , we cannot add any existing assets to Restricted Shared folder . Instead administrator can create the datasource in the Restricted shared folder using API and ensure to provide the Folder ARN with Restricted Shared folder ARN . Once datasource is created any author user having contributor access on the restricted shared folder can create datasets , analysis and publish dashboard and it will reside only within the restricted shared folder.

Snippet to create datasource in restricted folder through API

image
image1302×156 28.7 KB

Screenshot of datasource inside restricted shared folder

image
image1026×316 33.5 KB

Assets Created in Restricted Shared Folder

image
image1187×293 19.4 KB

Did my suggestion help you in resolving your query? If yes, would request you to mark the post as “Solution”. This will help the community to find guidance and answers to similar question. Thank you!

Thanks
VInod

7

Thanks. This is helpful.

8

Hi Vinod,

Wil the assets created inside will have access to the Topics to be created and able to use it in Quicksight Q ?

It will help me a lot thanks Vinod

–Karnan