Share analysis with view and update only

I want to grant edit and view analysis to a user.

However, it looks like QuickSight requires all 7 permissions:

“quicksight:RestoreAnalysis”,
“quicksight:UpdateAnalysisPermissions”,
“quicksight:DeleteAnalysis”,
“quicksight:DescribeAnalysisPermissions”,
“quicksight:QueryAnalysis”,
“quicksight:DescribeAnalysis”,
“quicksight:UpdateAnalysis”

Is there any way to prevent a user from deleting an analysis?

Hi @peterd,

Hope everything is well. I would definitely try following this documentation, as it states that as long as you have administrator privileges, you should be able to customize viewer/owner privileges for a user. From your explanation above, I would look into DeleteAnalysis a little further. Let me know if this helps!

Hi,

I don’t think it helps at all.

I am trying to do this with boto3.

client.update_analysis_permissions(
    AwsAccountId=...,
    AnalysisId=...,
    GrantPermissions=[
        {
            "Principal": "arn of the principal",
            "Actions": [
                "quicksight:RestoreAnalysis",
                "quicksight:UpdateAnalysisPermissions",
                "quicksight:DescribeAnalysisPermissions",
                "quicksight:QueryAnalysis",
                "quicksight:DescribeAnalysis",
                "quicksight:UpdateAnalysis",
            ],
        }
    ],
)

It threw this error:

ResourcePermission list contains unsupported permission sets ....
Valid set : [
"quicksight:RestoreAnalysis", 
"quicksight:UpdateAnalysisPermissions", 
"quicksight:DeleteAnalysis", 
"quicksight:QueryAnalysis", 
"quicksight:DescribeAnalysisPermissions", 
"quicksight:DescribeAnalysis", 
"quicksight:UpdateAnalysis"
]

I already checked custom permissions in the Admin UI.

There is no option to prevent a user from deleting an analysis.

Hi @peterd,

Thanks for your further clarification. After looking into this question further, it seems that you cannot remove or add specific permissions from the update_analysis call, as QuickSight either allows users to have all permissions or none at all to provide distinction. However, I would definitely create a support ticket to see if there is a workaround AWS Support can assist with.
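Since the grant is all-or-nothing, two checks are useful around it: rejecting an unsupported action list before calling the API, and auditing which principals already hold `quicksight:DeleteAnalysis`. The following is an added example, not code from any poster in this thread. It models only the action set quoted in the error message above (other supported sets may exist), and the sample response, ARNs, account ID and function names are constructed for illustration.

```python
# Added example: pre-flight check and delete-rights audit for analysis grants.
# OWNER_SET is the "Valid set" quoted in the error message in this thread.
OWNER_SET = frozenset({
    "quicksight:RestoreAnalysis",
    "quicksight:UpdateAnalysisPermissions",
    "quicksight:DeleteAnalysis",
    "quicksight:QueryAnalysis",
    "quicksight:DescribeAnalysisPermissions",
    "quicksight:DescribeAnalysis",
    "quicksight:UpdateAnalysis",
})
DELETE = "quicksight:DeleteAnalysis"


def check_grant(actions):
    """Compare a requested action list with the quoted valid set.

    Returns (ok, missing, unknown); ok is True only on an exact match.
    """
    requested = set(actions)
    missing = sorted(OWNER_SET - requested)
    unknown = sorted(requested - OWNER_SET)
    return (not missing and not unknown, missing, unknown)


def principals_who_can_delete(response):
    """List principals holding DeleteAnalysis in a
    describe_analysis_permissions-shaped response."""
    return sorted(
        entry["Principal"]
        for entry in response.get("Permissions", [])
        if DELETE in entry.get("Actions", [])
    )


# Constructed sample data (placeholder account ID and user names).
EDITOR = "arn:aws:quicksight:us-east-1:111122223333:user/default/editor"
VIEWER = "arn:aws:quicksight:us-east-1:111122223333:user/default/viewer"
SAMPLE_RESPONSE = {
    "AnalysisId": "example-analysis-id",
    "Permissions": [
        {"Principal": EDITOR, "Actions": sorted(OWNER_SET)},
        {"Principal": VIEWER, "Actions": ["quicksight:DescribeAnalysis",
                                          "quicksight:QueryAnalysis"]},
    ],
}

if __name__ == "__main__":
    print(check_grant(OWNER_SET - {DELETE}))   # the grant attempted in the thread
    print(principals_who_can_delete(SAMPLE_RESPONSE))
```

With a real client, pass the result of `client.describe_analysis_permissions(AwsAccountId=..., AnalysisId=...)` to `principals_who_can_delete`.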