I am trying to understand the use of different identity-based policies listed here . More specifically, a use case for these policies as we have a very simple implementation of QuickSight where we have a custom role defined for QuickSight. Initially, we assumed this this role ( replaced the service role) to allow QuickSight to discover AWS resources for creating visuals. We then created users with different roles as Authors and Readers.
FYI, We are using a user with QuickSight Admin role to manage QuickSight Assets.
Really appreciate if some one could help me understand the use of these IAM policies.
Hello Larry,
Welcome to the QS community & thank you for posting the question.
IAM is used with Amazon QuickSight in several ways, including the following:
- If your company uses IAM for their identity management, people might have IAM user names and passwords that they use to sign in to Amazon QuickSight.
- If you want your Amazon QuickSight users to be automatically created at first sign-in, you can use IAM to create a policy for users who are preauthorized to use Amazon QuickSight.
- If you want to create specialized access for specific groups of QuickSight users or to specific resources, you can use IAM policies to accomplish this.
For more info - see Introduction to IAM concepts - Amazon QuickSight
Hope this helps.
Cheers,
Deep
Thanks @Deep.
Just to clarify,
- To limit the capability of a QuickSight DataSet, it can be controlled by the role which QuickSight is going to assume.
- To limit the capability of a user we can control using IAM policies.
please confirm.
Hello Larry,
Yes i would say ! basically role is a type of IAM identity that can be authenticated and authorized to utilize an AWS resource, whereas a policy defines the permissions of the IAM identity.
You may refer Using Amazon QuickSight with IAM - Amazon QuickSight for better understanding from quickSight context.
Hope this helps.
Cheers,
Deep