UpdateUser - Amazon QuickSight


Updates an Amazon QuickSight user.

Request Syntax

PUT /accounts/AwsAccountId/namespaces/Namespace/users/UserName HTTP/1.1 Content-type: application/json { "CustomFederationProviderUrl": "string", "CustomPermissionsName": "string", "Email": "string", "ExternalLoginFederationProviderType": "string", "ExternalLoginId": "string", "Role": "string", "UnapplyCustomPermissions": boolean }

URI Request Parameters

The request uses the following URI parameters.


The ID for the AWS account that the user is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.

Length Constraints: Fixed length of 12.

Pattern: ^[0-9]{12}$

Required: Yes


The namespace. Currently, you should set this to default.

Length Constraints: Maximum length of 64.

Pattern: ^[a-zA-Z0-9._-]*$

Required: Yes


The Amazon QuickSight user name that you want to update.

Length Constraints: Minimum length of 1.

Pattern: [\u0020-\u00FF]+

Required: Yes

Request Body

The request accepts the following data in JSON format.


The email address of the user that you want to update.

Type: String

Required: Yes


The Amazon QuickSight role of the user. The role can be one of the following default security cohorts:

  • READER: A user who has read-only access to dashboards.

  • AUTHOR: A user who can create data sources, datasets, analyses, and dashboards.

  • ADMIN: A user who is an author, who can also manage Amazon QuickSight settings.

The name of the Amazon QuickSight role is invisible to the user except for the console screens dealing with permissions.

Type: String


Required: Yes


The URL of the custom OpenID Connect (OIDC) provider that provides identity to let a user federate into Amazon QuickSight with an associated AWS Identity and Access Management(IAM) role. This parameter should only be used when ExternalLoginFederationProviderType parameter is set to CUSTOM_OIDC.

Type: String

Required: No


(Enterprise edition only) The name of the custom permissions profile that you want to assign to this user. Customized permissions allows you to control a user's access by restricting access the following operations:

  • Create and update data sources

  • Create and update datasets

  • Create and update email reports

  • Subscribe to email reports

A set of custom permissions includes any combination of these restrictions. Currently, you need to create the profile names for custom permission sets by using the Amazon QuickSight console. Then, you use the RegisterUser API operation to assign the named set of permissions to a Amazon QuickSight user.

Amazon QuickSight custom permissions are applied through IAM policies. Therefore, they override the permissions typically granted by assigning Amazon QuickSight users to one of the default security cohorts in Amazon QuickSight (admin, author, reader).

This feature is available only to Amazon QuickSight Enterprise edition subscriptions.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: ^[a-zA-Z0-9+=,.@_-]+$

Required: No


The type of supported external login provider that provides identity to let a user federate into Amazon QuickSight with an associated AWS Identity and Access Management(IAM) role. The type of supported external login provider can be one of the following.

  • COGNITO: Amazon Cognito. The provider URL is cognito-identity.amazonaws.com. When choosing the COGNITO provider type, don’t use the "CustomFederationProviderUrl" parameter which is only needed when the external provider is custom.

  • CUSTOM_OIDC: Custom OpenID Connect (OIDC) provider. When choosing CUSTOM_OIDC type, use the CustomFederationProviderUrl parameter to provide the custom OIDC provider URL.

  • NONE: This clears all the previously saved external login information for a user. Use the DescribeUser API operation to check the external login information.

Type: String

Required: No


The identity ID for a user in the external login provider.

Type: String

Required: No


A flag that you use to indicate that you want to remove all custom permissions from this user. Using this parameter resets the user to the state it was in before a custom permissions profile was applied. This parameter defaults to NULL and it doesn't accept any other value.

Type: Boolean

Required: No

Response Syntax

HTTP/1.1 Status Content-type: application/json { "RequestId": "string", "User": { "Active": boolean, "Arn": "string", "CustomPermissionsName": "string", "Email": "string", "ExternalLoginFederationProviderType": "string", "ExternalLoginFederationProviderUrl": "string", "ExternalLoginId": "string", "IdentityType": "string", "PrincipalId": "string", "Role": "string", "UserName": "string" } }

Response Elements

If the action is successful, the service sends back the following HTTP response.


The HTTP status of the request.

The following data is returned in JSON format by the service.


The AWS request ID for this operation.

Type: String


The Amazon QuickSight user.

Type: User object


For information about the errors that are common to all actions, see Common Errors.


You don't have access to this item. The provided credentials couldn't be validated. You might not be authorized to carry out the request. Make sure that your account is authorized to use the Amazon QuickSight service, that your policies have the correct permissions, and that you are using the correct credentials.

HTTP Status Code: 401


An internal failure occurred.

HTTP Status Code: 500


One or more parameters has a value that isn't valid.

HTTP Status Code: 400


One or more preconditions aren't met.

HTTP Status Code: 400


One or more resources can't be found.

HTTP Status Code: 404


This resource is currently unavailable.

HTTP Status Code: 503


Access is throttled.

HTTP Status Code: 429

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: