UpdateUser

Updates an Amazon QuickSight user.

Request Syntax

PUT /accounts/AwsAccountId/namespaces/Namespace/users/UserName HTTP/1.1
Content-type: application/json

{
   "CustomFederationProviderUrl": "string",
   "CustomPermissionsName": "string",
   "Email": "string",
   "ExternalLoginFederationProviderType": "string",
   "ExternalLoginId": "string",
   "Role": "string",
   "UnapplyCustomPermissions": boolean
}

URI Request Parameters

The request uses the following URI parameters.

AwsAccountId

The ID for the AWS account that the user is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.

Length Constraints: Fixed length of 12.

Pattern: ^[0-9]{12}$

Required: Yes

Namespace

The namespace. Currently, you should set this to default.

Length Constraints: Maximum length of 64.

Pattern: ^[a-zA-Z0-9._-]*$

Required: Yes

UserName

The Amazon QuickSight user name that you want to update.

Length Constraints: Minimum length of 1.

Pattern: [\u0020-\u00FF]+

Required: Yes

Request Body

The request accepts the following data in JSON format.

Email

The email address of the user that you want to update.

Type: String

Required: Yes

Role

The Amazon QuickSight role of the user. The role can be one of the following default security cohorts:

• READER: A user who has read-only access to dashboards.

• AUTHOR: A user who can create data sources, datasets, analyses, and dashboards.

• ADMIN: A user who is an author, who can also manage Amazon QuickSight settings.

The name of the Amazon QuickSight role is invisible to the user except for the console screens dealing with permissions.

Type: String

Valid Values: ADMIN | AUTHOR | READER | RESTRICTED_AUTHOR | RESTRICTED_READER

Required: Yes

CustomFederationProviderUrl

The URL of the custom OpenID Connect (OIDC) provider that provides identity to let a user federate into Amazon QuickSight with an associated AWS Identity and Access Management(IAM) role. This parameter should only be used when ExternalLoginFederationProviderType parameter is set to CUSTOM_OIDC.

Type: String

Required: No

CustomPermissionsName

(Enterprise edition only) The name of the custom permissions profile that you want to assign to this user. Customized permissions allows you to control a user's access by restricting access the following operations:

• Create and update data sources

• Create and update datasets

• Create and update email reports

• Subscribe to email reports

A set of custom permissions includes any combination of these restrictions. Currently, you need to create the profile names for custom permission sets by using the Amazon QuickSight console. Then, you use the RegisterUser API operation to assign the named set of permissions to a Amazon QuickSight user.

Amazon QuickSight custom permissions are applied through IAM policies. Therefore, they override the permissions typically granted by assigning Amazon QuickSight users to one of the default security cohorts in Amazon QuickSight (admin, author, reader).

This feature is available only to Amazon QuickSight Enterprise edition subscriptions.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: ^[a-zA-Z0-9+=,.@_-]+$

Required: No

ExternalLoginFederationProviderType

The type of supported external login provider that provides identity to let a user federate into Amazon QuickSight with an associated AWS Identity and Access Management(IAM) role. The type of supported external login provider can be one of the following.

• COGNITO: Amazon Cognito. The provider URL is cognito-identity.amazonaws.com. When choosing the COGNITO provider type, don’t use the "CustomFederationProviderUrl" parameter which is only needed when the external provider is custom.

• CUSTOM_OIDC: Custom OpenID Connect (OIDC) provider. When choosing CUSTOM_OIDC type, use the CustomFederationProviderUrl parameter to provide the custom OIDC provider URL.

• NONE: This clears all the previously saved external login information for a user. Use the DescribeUser API operation to check the external login information.

Type: String

Required: No

ExternalLoginId

The identity ID for a user in the external login provider.

Type: String

Required: No

UnapplyCustomPermissions

A flag that you use to indicate that you want to remove all custom permissions from this user. Using this parameter resets the user to the state it was in before a custom permissions profile was applied. This parameter defaults to NULL and it doesn't accept any other value.

Type: Boolean

Required: No

Response Syntax

HTTP/1.1 Status
Content-type: application/json

{
   "RequestId": "string",
   "User": { 
      "Active": boolean,
      "Arn": "string",
      "CustomPermissionsName": "string",
      "Email": "string",
      "ExternalLoginFederationProviderType": "string",
      "ExternalLoginFederationProviderUrl": "string",
      "ExternalLoginId": "string",
      "IdentityType": "string",
      "PrincipalId": "string",
      "Role": "string",
      "UserName": "string"
   }
}

Response Elements

If the action is successful, the service sends back the following HTTP response.

Status

The HTTP status of the request.

The following data is returned in JSON format by the service.

RequestId

The AWS request ID for this operation.

Type: String

User

The Amazon QuickSight user.

Type: User object

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You don't have access to this item. The provided credentials couldn't be validated. You might not be authorized to carry out the request. Make sure that your account is authorized to use the Amazon QuickSight service, that your policies have the correct permissions, and that you are using the correct credentials.

HTTP Status Code: 401

InternalFailureException

An internal failure occurred.

HTTP Status Code: 500

InvalidParameterValueException

One or more parameters has a value that isn't valid.

HTTP Status Code: 400

PreconditionNotMetException

One or more preconditions aren't met.

HTTP Status Code: 400

ResourceNotFoundException

One or more resources can't be found.

HTTP Status Code: 404

ResourceUnavailableException

This resource is currently unavailable.

HTTP Status Code: 503

ThrottlingException

Access is throttled.

HTTP Status Code: 429

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java V2

• AWS SDK for JavaScript V3

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3