Actions, resources, and condition keys for Amazon QuickSight
Amazon QuickSight (service prefix: quicksight
) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.
References:
-
Learn how to configure this service.
-
View a list of the API operations available for this service.
-
Learn how to secure this service and its resources by using IAM permission policies.
Topics
Actions defined by Amazon QuickSight
You can specify the following actions in the Action
element of an IAM policy statement. Use policies to grant permissions to perform an operation in Amazon. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.
The Resource types column of the Actions table indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("*") to which the policy applies in the Resource
element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. If the action has one or more required resources, the caller must have permission to use the action with those resources. Required resources are indicated in the table with an asterisk (*). If you limit resource access with the Resource
element in an IAM policy, you must include an ARN or pattern for each required resource type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one of the optional resource types.
The Condition keys column of the Actions table includes keys that you can specify in a policy statement's Condition
element. For more information on the condition keys that are associated with resources for the service, see the Condition keys column of the Resource types table.
Note
Resource condition keys are listed in the Resource types table. You can find a link to the resource type that applies to an action in the Resource types (*required) column of the Actions table. The resource type in the Resource types table includes the Condition keys column, which are the resource condition keys that apply to an action in the Actions table.
For details about the columns in the following table, see Actions table.
Actions | Description | Access level | Resource types (*required) | Condition keys | Dependent actions |
---|---|---|---|---|---|
AccountConfigurations [permission only] | Grants permission to enable setting default access to Amazon resources | Write | |||
BatchCreateTopicReviewedAnswer | Grants permission to create reviewed answers for a topic | Write | |||
BatchDeleteTopicReviewedAnswer | Grants permission to delete reviewed answers for a topic | Write | |||
CancelIngestion | Grants permission to cancel a SPICE ingestions on a dataset | Write | |||
CreateAccountCustomization | Grants permission to create an account customization for QuickSight account or namespace | Write | |||
CreateAccountSubscription | Grants permission to subscribe to QuickSight | Write | |||
CreateAdmin [permission only] | Grants permission to provision Amazon QuickSight administrators, authors, and readers | Write | |||
CreateAnalysis | Grants permission to create an analysis from a template | Write | |||
CreateBrand | Grants permission to create an Amazon QuickSight brand | Write | |||
CreateCustomPermissions | Grants permission to create a QuickSight custom permissions resource | Write | |||
CreateDashboard | Grants permission to create a QuickSight Dashboard | Write | |||
CreateDataSet | Grants permission to create a dataset | Write |
quicksight:PassDataSource |
||
CreateDataSource | Grants permission to create a data source | Write |
iam:PassRole |
||
CreateEmailCustomizationTemplate [permission only] | Grants permission to create a QuickSight email customization template | Write | |||
CreateFolder | Grants permission to create a QuickSight folder | Write | |||
CreateFolderMembership | Grants permission to add a QuickSight Dashboard, Analysis or Dataset to a QuickSight Folder | Write | |||
CreateGroup | Grants permission to create a QuickSight group | Write | |||
CreateGroupMembership | Grants permission to add a QuickSight user to a QuickSight group | Write | |||
CreateIAMPolicyAssignment | Grants permission to create an assignment with one specified IAM Policy ARN that will be assigned to specified groups or users of QuickSight | Write | |||
CreateIngestion | Grants permission to start a SPICE ingestion on a dataset | Write | |||
CreateNamespace | Grants permission to create an QuickSight namespace | Write |
ds:CreateIdentityPoolDirectory |
||
CreateReader [permission only] | Grants permission to provision Amazon QuickSight readers | Write | |||
CreateRefreshSchedule | Grants permission to create a refresh schedule for a dataset | Write | |||
CreateRoleMembership | Grants permission to add a group member to a role | Write | |||
CreateTemplate | Grants permission to create a template | Write | |||
CreateTemplateAlias | Grants permission to create a template alias | Write | |||
CreateTheme | Grants permission to create a theme | Write | |||
CreateThemeAlias | Grants permission to create an alias for a theme version | Write | |||
CreateTopic | Grants permission to create a topic | Write |
quicksight:PassDataSet |
||
CreateTopicRefreshSchedule | Grants permission to create a refresh schedule for a topic | Write | |||
CreateUser [permission only] | Grants permission to provision Amazon QuickSight authors and readers | Write | |||
CreateVPCConnection | Grants permission to create a vpc connection | Write |
iam:PassRole |
||
DeleteAccountCustomization | Grants permission to delete an account customization for QuickSight account or namespace | Write | |||
DeleteAccountSubscription | Grants permission to delete a QuickSight account | Write | |||
DeleteAnalysis | Grants permission to delete an analysis | Write | |||
DeleteBrand | Grants permission to delete an Amazon QuickSight brand | Write | |||
DeleteBrandAssignment | Grants permission to delete a brand assignment | Write | |||
DeleteCustomPermissions | Grants permission to delete a QuickSight custom permissions resource | Write | |||
DeleteDashboard | Grants permission to delete a QuickSight Dashboard | Write | |||
DeleteDataSet | Grants permission to delete a dataset | Write | |||
DeleteDataSetRefreshProperties | Grants permission to delete dataset refresh properties for a dataset | Write | |||
DeleteDataSource | Grants permission to delete a data source | Write | |||
DeleteEmailCustomizationTemplate [permission only] | Grants permission to delete a QuickSight email customization template | Write | |||
DeleteFolder | Grants permission to delete a QuickSight Folder | Write | |||
DeleteFolderMembership | Grants permission to remove a QuickSight Dashboard, Analysis or Dataset from a QuickSight Folder | Write | |||
DeleteGroup | Grants permission to remove a user group from QuickSight | Write | |||
DeleteGroupMembership | Grants permission to remove a user from a group so that he/she is no longer a member of the group | Write | |||
DeleteIAMPolicyAssignment | Grants permission to update an existing assignment | Write | |||
DeleteIdentityPropagationConfig | Grants permission to remove Amazon services for trusted identity propagation in QuickSight | Write | |||
DeleteNamespace | Grants permission to delete a QuickSight namespace | Write |
ds:DeleteDirectory |
||
DeleteRefreshSchedule | Grants permission to delete a refresh schedule for a dataset | Write | |||
DeleteRoleCustomPermission | Grants permission to remove the custom permission associated with a role | Write | |||
DeleteRoleMembership | Grants permission to remove a group member from a role | Write | |||
DeleteTemplate | Grants permission to delete a template | Write | |||
DeleteTemplateAlias | Grants permission to delete a template alias | Write | |||
DeleteTheme | Grants permission to delete a theme | Write | |||
DeleteThemeAlias | Grants permission to delete the alias of a theme | Write | |||
DeleteTopic | Grants permission to delete a topic | Write | |||
DeleteTopicRefreshSchedule | Grants permission to delete a refresh schedule for a topic | Write | |||
DeleteUser | Grants permission to delete a QuickSight user, given the user name | Write | |||
DeleteUserByPrincipalId | Grants permission to deletes a user identified by its principal ID | Write | |||
DeleteUserCustomPermission | Grants permission to remove the custom permission associated with a user | Write | |||
DeleteVPCConnection | Grants permission to delete a vpc connection | Write | |||
DescribeAccountCustomization | Grants permission to describe an account customization for QuickSight account or namespace | Read | |||
DescribeAccountSettings | Grants permission to describe the administrative account settings for QuickSight account | Read | |||
DescribeAccountSubscription | Grants permission to describe a QuickSight account | Read | |||
DescribeAnalysis | Grants permission to describe an analysis | Read | |||
DescribeAnalysisPermissions | Grants permission to describe permissions for an analysis | Read | |||
DescribeAssetBundleExportJob | Grants permission to describe an asset bundle export job | Read | |||
DescribeAssetBundleImportJob | Grants permission to describe an asset bundle import job | Read | |||
DescribeBrand | Grants permission to describe a brand | Read | |||
DescribeBrandAssignment | Grants permission to describe a brand assignment | Read | |||
DescribeBrandPublishedVersion | Grants permission to describes the published version of the brand | Read | |||
DescribeCustomPermissions | Grants permission to describe a custom permissions resource in a QuickSight account | Read | |||
DescribeDashboard | Grants permission to describe a QuickSight Dashboard | Read | |||
DescribeDashboardPermissions | Grants permission to describe permissions for a QuickSight Dashboard | Read | |||
DescribeDashboardSnapshotJob | Grants permission to describe a dashboard snapshot job | Read | |||
DescribeDashboardSnapshotJobResult | Grants permission to describe result of a dashboard snapshot job | Read | |||
DescribeDashboardsQAConfiguration | Grants permission to describe dashboards qa configuration | Read | |||
DescribeDataSet | Grants permission to describe a dataset | Read | |||
DescribeDataSetPermissions | Grants permission to describe the resource policy of a dataset | Permissions management | |||
DescribeDataSetRefreshProperties | Grants permission to describe refresh properties for a dataset | Read | |||
DescribeDataSource | Grants permission to describe a data source | Read | |||
DescribeDataSourcePermissions | Grants permission to describe the resource policy of a data source | Permissions management | |||
DescribeEmailCustomizationTemplate [permission only] | Grants permission to describe a QuickSight email customization template | Read | |||
DescribeFolder | Grants permission to describe a QuickSight Folder | Read | |||
DescribeFolderPermissions | Grants permission to describe permissions for a QuickSight Folder | Read | |||
DescribeFolderResolvedPermissions | Grants permission to describe resolved permissions for a QuickSight Folder | Read | |||
DescribeGroup | Grants permission to describe a QuickSight group | Read | |||
DescribeGroupMembership | Grants permission to describe a QuickSight group member | Read | |||
DescribeIAMPolicyAssignment | Grants permission to describe an existing assignment | Read | |||
DescribeIngestion | Grants permission to describe a SPICE ingestion on a dataset | Read | |||
DescribeIpRestriction | Grants permission to describe the IP restrictions for QuickSight account | Read | |||
DescribeKeyRegistration | Grants permission to describe QuickSight key registration | Read | |||
DescribeNamespace | Grants permission to describe a QuickSight namespace | Read | |||
DescribeQPersonalizationConfiguration | Grants permission to describe a personalization configuration | Read | |||
DescribeRefreshSchedule | Grants permission to describe a refresh schedule for a dataset | Read | |||
DescribeRoleCustomPermission | Grants permission to describe the custom permission associated with a role | Read | |||
DescribeTemplate | Grants permission to describe a template | Read | |||
DescribeTemplateAlias | Grants permission to describe a template alias | Read | |||
DescribeTemplatePermissions | Grants permission to describe permissions for a template | Read | |||
DescribeTheme | Grants permission to describe a theme | Read | |||
DescribeThemeAlias | Grants permission to describe a theme alias | Read | |||
DescribeThemePermissions | Grants permission to describe permissions for a theme | Read | |||
DescribeTopic | Grants permission to describe a topic | Read | |||
DescribeTopicPermissions | Grants permission to describe the resource policy of a topic | Permissions management | |||
DescribeTopicRefresh | Grants permission to describe the refresh status of a topic | Read | |||
DescribeTopicRefreshSchedule | Grants permission to describe a refresh schedule for a topic | Read | |||
DescribeUser | Grants permission to describe a QuickSight user given the user name | Read | |||
DescribeVPCConnection | Grants permission to describe a vpc connection | Read | |||
GenerateEmbedUrlForAnonymousUser | Grants permission to generate a URL used to embed a QuickSight Dashboard or Q Topic for a user not registered with QuickSight | Write | |||
GenerateEmbedUrlForRegisteredUser | Grants permission to generate a URL used to embed a QuickSight Dashboard for a user registered with QuickSight | Write | |||
GetAnonymousUserEmbedUrl [permission only] | Grants permission to get a URL used to embed a QuickSight Dashboard for a user not registered with QuickSight | Read | |||
GetAuthCode [permission only] | Grants permission to get an auth code representing a QuickSight user | Read | |||
GetDashboardEmbedUrl | Grants permission to get a URL used to embed a QuickSight Dashboard | Read | |||
GetGroupMapping [permission only] | Grants permission to use Amazon QuickSight, in Enterprise edition, to identify and display the Microsoft Active Directory (Microsoft Active Directory) directory groups that are mapped to roles in Amazon QuickSight | Read | |||
GetSessionEmbedUrl | Grants permission to get a URL to embed QuickSight console experience | Read | |||
ListAnalyses | Grants permission to list all analyses in an account | List | |||
ListAssetBundleExportJobs | Grants permission to list all asset bundle export jobs | List | |||
ListAssetBundleImportJobs | Grants permission to list all asset bundle import jobs | List | |||
ListBrands | Grants permission to lists all brands in an Amazon QuickSight account | List | |||
ListCustomPermissions | Grants permission to list custom permissions resources in QuickSight account | List | |||
ListCustomerManagedKeys [permission only] | Grants permission to list all registered customer managed keys | List | |||
ListDashboardVersions | Grants permission to list all versions of a QuickSight Dashboard | List | |||
ListDashboards | Grants permission to list all Dashboards in a QuickSight Account | List | |||
ListDataSets | Grants permission to list all datasets | List | |||
ListDataSources | Grants permission to list all data sources | List | |||
ListFolderMembers | Grants permission to list all members in a folder | Read | |||
ListFolders | Grants permission to list all Folders in a QuickSight Account | List | |||
ListFoldersForResource | Grants permission to list all Folders in which a QuickSight resource is a member | List | |||
ListGroupMemberships | Grants permission to list member users in a group | List | |||
ListGroups | Grants permission to list all user groups in QuickSight | List | |||
ListIAMPolicyAssignments | Grants permission to list all assignments in the current Amazon QuickSight account | List | |||
ListIAMPolicyAssignmentsForUser | Grants permission to list all assignments assigned to a user and the groups it belongs | List | |||
ListIdentityPropagationConfigs | Grants permission to list Amazon services enabled for trusted identity propagation in QuickSight | List | |||
ListIngestions | Grants permission to list all SPICE ingestions on a dataset | List | |||
ListKMSKeysForUser [permission only] | Grants permission to list a user's KMS keys | List | |||
ListNamespaces | Grants permission to lists all namespaces in a QuickSight account | List | |||
ListRefreshSchedules | Grants permission to list all refresh schedules on a dataset | List | |||
ListRoleMemberships | Grants permission to list the members of a role | List | |||
ListTagsForResource | Grants permission to list tags of a QuickSight resource | Read | |||
ListTemplateAliases | Grants permission to list all aliases for a template | List | |||
ListTemplateVersions | Grants permission to list all versions of a template | List | |||
ListTemplates | Grants permission to list all templates in a QuickSight account | List | |||
ListThemeAliases | Grants permission to list all aliases of a theme | List | |||
ListThemeVersions | Grants permission to list all versions of a theme | List | |||
ListThemes | Grants permission to list all themes in an account | List | |||
ListTopicRefreshSchedules | Grants permission to list all refresh schedules on a topic | List | |||
ListTopicReviewedAnswers | Grants permission to list all reviewed answers for topic | List | |||
ListTopics | Grants permission to list all topics | List | |||
ListUserGroups | Grants permission to list groups that a given user is a member of | List | |||
ListUsers | Grants permission to list all of the QuickSight users belonging to this account | List | |||
ListVPCConnections | Grants permission to list all vpc connections | List | |||
PassDataSet [permission only] | Grants permission to use a dataset for a template | Read | |||
PassDataSource [permission only] | Grants permission to use a data source for a data set | Read | |||
PutDataSetRefreshProperties | Grants permission to put dataset refresh properties for a dataset | Write | |||
RegisterCustomerManagedKey [permission only] | Grants permission to register a customer managed key | Write | |||
RegisterUser | Grants permission to create a QuickSight user, whose identity is associated with the IAM identity/role specified in the request | Write | |||
RemoveCustomerManagedKey [permission only] | Grants permission to remove a customer managed key | Write | |||
RestoreAnalysis | Grants permission to restore a deleted analysis | Write | |||
ScopeDownPolicy [permission only] | Grants permission to manage scoping policies for permissions to Amazon resources | Write | |||
SearchAnalyses | Grants permission to search for a sub-set of analyses | List | |||
SearchDashboards | Grants permission to search for a sub-set of QuickSight Dashboards | List | |||
SearchDataSets | Grants permission to search for a sub-set of QuickSight DatSets | List | |||
SearchDataSources | Grants permission to search for a sub-set of QuickSight Data Sources | List | |||
SearchDirectoryGroups [permission only] | Grants permission to use Amazon QuickSight, in Enterprise edition, to display your Microsoft Active Directory directory groups so that you can choose which ones to map to roles in Amazon QuickSight | List | |||
SearchFolders | Grants permission to search for a sub-set of QuickSight Folders | Read | |||
SearchGroups | Grants permission to search for a sub-set of QuickSight groups | List | |||
SearchTopics | Grants permission to search for a sub-set of topics | List | |||
SearchUsers [permission only] | Grants permission to search the QuickSight users belonging to this account | List | |||
SetGroupMapping [permission only] | Grants permission to use Amazon QuickSight, in Enterprise edition, to display your Microsoft Active Directory directory groups so that you can choose which ones to map to roles in Amazon QuickSight | Write | |||
StartAssetBundleExportJob | Grants permission to start an asset bundle export job | Write | |||
StartAssetBundleImportJob | Grants permission to start an asset bundle import job | Write | |||
StartDashboardSnapshotJob | Grants permission to start a dashboard snapshot job | Write | |||
StartDashboardSnapshotJobSchedule | Grants permission to start a dashboard snapshot job schedule | Write | |||
Subscribe [permission only] | Grants permission to subscribe to Amazon QuickSight, and also to allow the user to upgrade the subscription to Enterprise edition | Write | |||
TagResource | Grants permission to add tags to a QuickSight resource | Tagging | |||
Unsubscribe [permission only] | Grants permission to unsubscribe from Amazon QuickSight, which permanently deletes all users and their resources from Amazon QuickSight | Write | |||
UntagResource | Grants permission to remove tags from a QuickSight resource | Tagging | |||
UpdateAccountCustomization | Grants permission to update an account customization for QuickSight account or namespace | Write | |||
UpdateAccountSettings | Grants permission to update the administrative account settings for QuickSight account | Write | |||
UpdateAnalysis | Grants permission to update an analysis | Write | |||
UpdateAnalysisPermissions | Grants permission to update permissions for an analysis | Permissions management | |||
UpdateBrand | Grants permission to update a brand | Write | |||
UpdateBrandAssignment | Grants permission to update a brand assignment | Write | |||
UpdateBrandPublishedVersion | Grants permission to update the published version of a brand | Write | |||
UpdateCustomPermissions | Grants permission to update a QuickSight custom permissions resource | Write | |||
UpdateDashboard | Grants permission to update a QuickSight Dashboard | Write | |||
UpdateDashboardLinks | Grants permission to update a QuickSight Dashboard's links | Write | |||
UpdateDashboardPermissions | Grants permission to update permissions for a QuickSight Dashboard | Permissions management | |||
UpdateDashboardPublishedVersion | Grants permission to update a QuickSight Dashboard's Published Version | Write | |||
UpdateDashboardsQAConfiguration | Grants permission to update dashboards qa configuration | Write | |||
UpdateDataSet | Grants permission to update a dataset | Write |
quicksight:PassDataSource |
||
UpdateDataSetPermissions | Grants permission to update the resource policy of a dataset | Permissions management | |||
UpdateDataSource | Grants permission to update a data source | Write |
iam:PassRole |
||
UpdateDataSourcePermissions | Grants permission to update the resource policy of a data source | Permissions management | |||
UpdateEmailCustomizationTemplate [permission only] | Grants permission to update a QuickSight email customization template | Write | |||
UpdateFolder | Grants permission to update a QuickSight Folder | Write | |||
UpdateFolderPermissions | Grants permission to update permissions for a QuickSight Folder | Permissions management | |||
UpdateGroup | Grants permission to change group description | Write | |||
UpdateIAMPolicyAssignment | Grants permission to update an existing assignment | Write | |||
UpdateIdentityPropagationConfig | Grants permission to add and update Amazon services for trusted identity propagation in QuickSight | Write | |||
UpdateIpRestriction | Grants permission to update the IP restrictions for QuickSight account | Write | |||
UpdateKeyRegistration | Grants permission to update QuickSight key registration | Write | |||
UpdatePublicSharingSettings | Grants permission to enable or disable public sharing on an account | Write | |||
UpdateQPersonalizationConfiguration | Grants permission to update a personalization configuration | Write | |||
UpdateRefreshSchedule | Grants permission to update a refresh schedule for a dataset | Write | |||
UpdateResourcePermissions [permission only] | Grants permission to update resource-level permissions in QuickSight | Write | |||
UpdateRoleCustomPermission | Grants permission to update the custom permission associated with a role | Write | |||
UpdateSPICECapacityConfiguration | Grants permission to update QuickSight SPICE capacity configuration | Write | |||
UpdateTemplate | Grants permission to update a template | Write | |||
UpdateTemplateAlias | Grants permission to update a template alias | Write | |||
UpdateTemplatePermissions | Grants permission to update permissions for a template | Permissions management | |||
UpdateTheme | Grants permission to update a theme | Write | |||
UpdateThemeAlias | Grants permission to update the alias of a theme | Write | |||
UpdateThemePermissions | Grants permission to update permissions for a theme | Permissions management | |||
UpdateTopic | Grants permission to update a topic | Write |
quicksight:PassDataSet |
||
UpdateTopicPermissions | Grants permission to update the resource policy of a topic | Permissions management | |||
UpdateTopicRefreshSchedule | Grants permission to update a refresh schedule for a topic | Write | |||
UpdateUser | Grants permission to update an Amazon QuickSight user | Write | |||
UpdateUserCustomPermission | Grants permission to update the custom permission associated with a user | Write | |||
UpdateVPCConnection | Grants permission to update a vpc connection | Write |
iam:PassRole |
||
Resource types defined by Amazon QuickSight
The following resource types are defined by this service and can be used in the Resource
element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the Resource types table. For details about the columns in the following table, see Resource types table.
Resource types | ARN | Condition keys |
---|---|---|
account |
arn:${Partition}:quicksight:${Region}:${Account}:account/${ResourceId}
|
|
user |
arn:${Partition}:quicksight:${Region}:${Account}:user/${ResourceId}
|
|
group |
arn:${Partition}:quicksight:${Region}:${Account}:group/${ResourceId}
|
|
analysis |
arn:${Partition}:quicksight:${Region}:${Account}:analysis/${ResourceId}
|
|
dashboard |
arn:${Partition}:quicksight:${Region}:${Account}:dashboard/${ResourceId}
|
|
template |
arn:${Partition}:quicksight:${Region}:${Account}:template/${ResourceId}
|
|
vpcconnection |
arn:${Partition}:quicksight:${Region}:${Account}:vpcConnection/${ResourceId}
|
|
assetBundleExportJob |
arn:${Partition}:quicksight:${Region}:${Account}:asset-bundle-export-job/${ResourceId}
|
|
assetBundleImportJob |
arn:${Partition}:quicksight:${Region}:${Account}:asset-bundle-import-job/${ResourceId}
|
|
datasource |
arn:${Partition}:quicksight:${Region}:${Account}:datasource/${ResourceId}
|
|
dataset |
arn:${Partition}:quicksight:${Region}:${Account}:dataset/${ResourceId}
|
|
ingestion |
arn:${Partition}:quicksight:${Region}:${Account}:dataset/${DatasetId}/ingestion/${ResourceId}
|
|
refreshschedule |
arn:${Partition}:quicksight:${Region}:${Account}:dataset/${DatasetId}/refresh-schedule/${ResourceId}
|
|
theme |
arn:${Partition}:quicksight:${Region}:${Account}:theme/${ResourceId}
|
|
assignment |
arn:${Partition}:quicksight::${Account}:assignment/${ResourceId}
|
|
customization |
arn:${Partition}:quicksight:${Region}:${Account}:customization/${ResourceId}
|
|
namespace |
arn:${Partition}:quicksight:${Region}:${Account}:namespace/${ResourceId}
|
|
folder |
arn:${Partition}:quicksight:${Region}:${Account}:folder/${ResourceId}
|
|
emailCustomizationTemplate |
arn:${Partition}:quicksight:${Region}:${Account}:email-customization-template/${ResourceId}
|
|
topic |
arn:${Partition}:quicksight:${Region}:${Account}:topic/${ResourceId}
|
|
dashboardSnapshotJob |
arn:${Partition}:quicksight:${Region}:${Account}:dashboard/${DashboardId}/snapshot-job/${ResourceId}
|
|
brand |
arn:${Partition}:quicksight:${Region}:${Account}:brand/${ResourceId}
|
|
custompermissions |
arn:${Partition}:quicksight:${Region}:${Account}:custompermissions/${ResourceId}
|
Condition keys for Amazon QuickSight
Amazon QuickSight defines the following condition keys that can be used in the Condition
element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see Condition keys table.
To view the global condition keys that are available to all services, see Available global condition keys.
Condition keys | Description | Type |
---|---|---|
aws:RequestTag/${TagKey} | Filters access by tag key-value pairs in the request | String |
aws:ResourceTag/${TagKey} | Filters access by tag key-value pairs attached to the resource | String |
aws:TagKeys | Filters access by tag keys | ArrayOfString |
identitystore:GroupId | Filters access by IdentityStore group ARN | ARN |
quicksight:AllowedEmbeddingDomains | Filters access by the allowed embedding domains | ArrayOfString |
quicksight:DirectoryType | Filters access by the user management options | String |
quicksight:Edition | Filters access by the edition of QuickSight | String |
quicksight:Group | Filters access by QuickSight group ARN | ARN |
quicksight:IamArn | Filters access by IAM user or role ARN | ARN |
quicksight:KmsKeyArns | Filters access by KMS key ARNs | ArrayOfARN |
quicksight:SessionName | Filters access by session name | String |
quicksight:UserName | Filters access by user name | String |