Unable to login to Quicksight due to lack of permissions

Q&A
, ,
1

Hello, recently I signed out of Quicksight and have since been unable to sign in. Whenever I try to go to the Quicksight login page, ie. quicksight.aws.amazon.com, it redirects me to some kind of console and requests I provide an email address, which will ‘provision me as a user in the Quick account’. When I provide my email address, it errors because I need to have createUser, createAdmin, or createReader permissions in my account. This is slightly odd to me because I was able to login to Quicksight yesterday, though it was through a different login page (I attempted to visit that page to login as well, and it redirected me to the same console). Do I have to get createUser, createAdmin, or createReader permissions to log in to Quicksight, or is this a bug? Thank you

image
image1569×648 27.9 KB

2

Hi. Thanks you for your question! :slight_smile: Many of our community Experts and folks from our team are on holiday right now. I asked “My Assistant” (universal chat) in Quick, and got this back.
@Brett Could you review and validate the answer below on Monday after you return from holiday?

”here’s guidance for addressing…login issues due to lack of permissions:

Common Causes and Solutions

Permission-Related Login Issues:

When users encounter (that they are) ‘unable to login to QuickSight due to lack of permissions,’ this typically indicates one of several issues:

**1. User Account Not Properly Provisioned

…**

  • Solution: Contact your AWS administrator or QuickSight admin to verify your account exists and is active

2. Insufficient IAM Permissions

  • The user’s IAM role or policy may lack necessary QuickSight permissions

  • Solution: Ensure the IAM policy includes permissions like:

    • quicksight:CreateUser

    • quicksight:CreateAdmin or quicksight:CreateReader

    • Contact your AWS administrator to update IAM policies

3. External Login Federation Issues

If using federated login (like Amazon Cognito):

  • QuickSight maps a single role-based user to a single external login

  • If authenticated through a different external login than originally mapped, access will be denied

  • Solution: Use the UpdateUser API operation to remap the Quick Sight user to the correct external login identity

4. Dashboard-Specific Permissions

  • Access may have been revoked for specific dashboards or resources

  • Solution: The dashboard owner needs to share access with you explicitly

Recommended Steps for the Community Member:

  1. Verify QuickSight Account Status: First confirm you can access Quick Sight at all (not just specific dashboards)

  2. Check with Administrator: Contact your AWS or QuickSight administrator to:

    • Verify your user account exists and is active

    • Confirm appropriate permissions are assigned

    • Check if you’re in the correct QuickSight user group

  3. Review IAM Policies: If you’re using IAM authentication, ensure your role has the necessary QuickSight permissions

  4. Check Federation Setup: If using federated login, verify the external login mapping is correct”

1 Like
3

Hi @bluejay

Depending on the type of account created for your (Reader, Author or admin ) you need to have the basic privileges (CreateReader, CreateUser or CreateAdmin) to access QuickSight.

You say you signed out recently and from then you are not able to login. Do you know if your QuickSight is just an email based account or is it provisioned as a federated account (based on your organizations AWS or Microsoft 365 ) ? If is federated then when you login to your organizations authenticator (Office.com for example) and go through the quicksight URL you shoud directly be in QuickSight without additionan inputs.

If you share additional details it can help digagnose the issue better.

Regards,

Giri

2 Likes
4

Hi @bluejay,

Following up here as it’s been awhile since last communication. Did you have any additional questions or did the suggestions above help with your case?

If we do not hear back within the next 3 business days, I’ll mark the solution.

Thank you

5

Hi @bluejay,

Since we haven’t received any further updates from you, I’ll mark this post as “Solution” for now. If you have any additional questions, please feel free to create a new post in the community and link this discussion for context.

Thank you!