Restricted folder: unable to create membership

I get following error when trying to create membership in a restricted folder via cli

aws quicksight create-folder-membership --aws-account-id xxxxxxxxxx --folder-id folder-restricted --member-id dataset-123 --member-type DATASET

An error occurred (InvalidParameterValueException) when calling the CreateFolderMembership operation: Unsupported operation on Restricted Folder folder-restricted

Also when logged in as the below user with said permissions I don’t see an option to create inside the empty restricted folder
aws quicksight describe-folder-permissions --aws-account-id xxxxxxxxxxxxxxxxx --folder-id folder-restricted

{
    "Status": 200,
    "FolderId": "restricted",
    "Arn": "arn:aws:quicksight:us-east-1:xxxxxxxxxxxxxxxxx:folder/folder-restricted",
    "Permissions": [
        {
            "Principal": "arn:aws:quicksight:us-east-1:xxxxxxxxxxxxxxxxx:user/default/user@email.com",
            "Actions": [
                "quicksight:CreateFolder",
                "quicksight:DescribeFolder",
                "quicksight:CreateFolderMembership",
                "quicksight:DeleteFolderMembership",
                "quicksight:DescribeFolderPermissions"
            ]
        }
    ],
    
}

What am I doing wrong

Hi @tlm234

your call has --folder-id folder-restricted but in the permission you have "FolderId": "restricted"can you check that?

BR

Fixed the typo. I did cleanup sensitive info before posting and might have accidentally edited that

Bump. This is still an issue

@tlm234

With QuickSight Restricted Shared folder provides a secure way to develop and govern very high sensitive datasources and related assets. please find more details in the below documentation page , we cannot add any existing assets to Restricted Shared folder . Instead administrator can create the datasource in the Restricted shared folder using API and ensure to provide the Folder ARN with Restricted Shared folder ARN . Once datasource is created any author user having contributor access on the restricted shared folder can create datasets , analysis and publish dashboard and it will reside only within the restricted shared folder.

Snippet to create datasource in restricted folder through API

Screenshot of datasource inside restricted shared folder

Assets Created in Restricted Shared Folder

Did my suggestion help you in resolving your query? If yes, would request you to mark the post as “Solution”. This will help the community to find guidance and answers to similar question. Thank you!

Thanks
VInod