Customizing access to Amazon QuickSight capabilities
| Applies to: Enterprise Edition |
| Intended audience: Administrators and Amazon QuickSight developers |
In Enterprise edition, you can restrict the functionality that people can access in Amazon QuickSight. You can configure custom permissions at the role (admin, author, reader) and user levels for all identity types in QuickSight. User level custom permissions override a role's existing default or custom role level permissions for the specified user.
The following limitations apply to custom permissions.
-
You can't grant permissions that are above a user's default role. For example, if a user has reader access, you can't grant permissions for that user to edit dashboards.
-
To customize user or role permissions, you need to be a QuickSight administrator with the following IAM permissions:
-
quicksight:CreateCustomPermissions -
quicksight:DeleteCustomPermissions -
quicksight:DescribeCustomPermissions -
quicksight:ListCustomPermissions -
quicksight:UpdateCustomPermissions
-
You can create custom permissions profiles to restrict access to any combination of the following operations.
| Asset | Customizable permissions |
|---|---|
|
Datasets |
Create or update all datasets |
|
Datasets |
Create or update SPICE datasets |
|
Datasets |
View account SPICE capacity |
|
Data sources |
Create or update all data sources |
|
Dashboards and analyses |
Add or run anomaly detection |
|
Dashboards and analyses |
Create or update themes |
|
Dashboards and analyses |
Share analyses |
|
Dashboards and analyses |
Share dashboards |
|
Dashboards and analyses |
Export to CSV |
|
Dashboards and analyses |
Export to Excel |
|
Folders |
Create shared folders |
|
Folders |
Rename shared folders |
|
Reports |
Create or update email reports |
|
Reports |
Subscribe to email reports |
|
Threshold alerts |
Create or update threshold reports |
Use the following topics to create, apply, and modify a custom permissions profile for Amazon QuickSight.