Provisioning users for Amazon QuickSight
Applies to: Enterprise Edition and Standard Edition |
Intended audience: System administrators and Amazon QuickSight administrators |
Self-provisioning an Amazon QuickSight administrator
Amazon QuickSight administrators are users who can also manage Amazon QuickSight features such as account settings and accounts. They can also purchase additional Amazon QuickSight user subscriptions, purchase SPICE capacity, and cancel the subscription to Amazon QuickSight for your AWS account.
You can use an AWS user or group policy to give users the ability to add
themselves as administrators of Amazon QuickSight. Users that have been granted this ability
can only add themselves as administrators and can't use this policy to add
others. Their accounts become active and billable the first time that they open
Amazon QuickSight. To set up self-provisioning, give these users permission to use the
quicksight:CreateAdmin
action.
Granting permissions with IAM actions only affects the specified user's ability to create a QuickSight account for their specified role. After a user has created and logged into their account, you use a separate set of permissions within QuickSight to manage QuickSight-specific features. For more information, see Customizing access to Amazon QuickSight capabilities.
Alternatively, you can use the following procedure to use the console to set or create the administrator for Amazon QuickSight.
To make a user the Amazon QuickSight administrator
-
Create the AWS user:
-
Use IAM to create the user that you want to be the administrator of Amazon QuickSight. Alternatively, identify an existing user in IAM for the administrator role. You can also put the user inside a new group, for manageability.
-
Grant the user (or group) sufficient permissions.
-
-
Sign in to your AWS Management Console with the target user's credentials.
-
Go to http://quicksight.aws.amazon.com/sn/console/get-user-email
, type in the target user's email address, and choose Continue.
On success, the target user is now an administrator in Amazon QuickSight.
Self-provisioning an Amazon QuickSight author
Amazon QuickSight authors can create data sources, data sets, analyses, and dashboards. They can share analyses and dashboards with other Amazon QuickSight users in your Amazon QuickSight account. However, they don't have access to the Manage Amazon QuickSight menu. They can't change account settings, manage accounts, purchase additional Amazon QuickSight user subscriptions or SPICE capacity, or cancel the subscription to Amazon QuickSight for your AWS account.
You can use an AWS user or group policy to give users the ability to create an Amazon QuickSight
author account for themselves. Their accounts become active and billable the first time
they open Amazon QuickSight. To set up self-provisioning, you need to give them permission to use the
quicksight:CreateUser
action.
Self-provisioning an Amazon QuickSight read-only user
Amazon QuickSight read-only users or readers can view and manipulate dashboards that are shared with them, but they can't make any changes or save a dashboard for further analysis. Amazon QuickSight readers can't create data sources, data sets, analyses, or visuals. They can't do any administrative tasks. Choose this role for people who are consumers of the dashboards but don't author their own analysis, for example, executives.
If you are using Microsoft Active Directory with Amazon QuickSight, you can manage read-only permissions by using a group. Otherwise, you can bulk-invite users to use Amazon QuickSight. You can also use an AWS user or group policy to give people the ability to create an Amazon QuickSight reader account for themselves.
Reader accounts become active and billable the first time they open Amazon QuickSight. If you decide
to upgrade or downgrade a user, billing for that user is prorated for the month. To set up
self-provisioning, you need to give them permission to use the
quicksight:CreateReader
action.
Readers that are used to automatically or programmatically refresh dashboards for near real-time use cases must choose capacity pricing. For readers under user pricing, each reader is limited to manual use by one individual only. For more information about user and capacity pricing, see Amazon QuickSight Pricing