Creating and managing groups in Amazon QuickSight - Amazon QuickSight

Creating and managing groups in Amazon QuickSight

   Intended audience: System administrators 
 Applies to: Enterprise Edition 

Admins with IAM credentials who have access to the Amazon QuickSight console can organize sets of users into groups that make it easier to manage access and security. For example, you can create a group of users that you can share QuickSight assets with all at once. You can create and manage groups using the QuickSight console or the AWS Command Line Interface (AWS CLI).

Creating and managing groups using the Amazon QuickSight console

Use the following procedures to create and manage groups in the Amazon QuickSight console.

To create a user group in the QuickSight console:

  1. On the Amazon QuickSight start page, choose Manage QuickSight, and then choose Manage groups.

  2. Choose NEW GROUP.

  3. On the Create new group page, enter the name and description of the new group in the corresponding boxes.

  4. When you're finished, choose Create to create the new group.

After you have created a new group, you can't change the group's title but you can change the group's description.

To change the description of a group:

  1. On the Amazon QuickSight start page, choose Manage QuickSight, and then choose Manage groups.

  2. Choose the group that you want to change, and then choose the Edit link next to the group description.

  3. In the Edit description box that appears, enter the new description and choose Save.

After you create a group, you can add and remove users from the Manage groups page. You can't add a user to a group if you haven't added the user to your account. For more information on adding users to your QuickSight account, see Managing user access inside Amazon QuickSight.

To add a user to a group

  1. On the Amazon QuickSight start page, choose Manage QuickSight, and then choose Manage groups.

  2. Choose the group that you want to add a user to, and choose ADD USER at the page's upper right.

  3. Enter the user name or email of the user that you want to add, and choose the correct user for Search users.

To remove a user from a group:

  1. On the Amazon QuickSight start page, choose Manage QuickSight, and then choose Manage groups.

  2. Choose the group that you want to remove a user from.

  3. Find the user that you want to remove and choose Remove.

Choosing remove automatically removes the selected user from the group.

You can also search for a group member by entering the user's full user name into the search bar on the right-hand side of the group's page.

Creating and managing groups using the AWS CLI

Before you begin, make sure that you have the AWS CLI installed. For more information, see Installing the AWS CLI in the AWS CLI User Guide.

Use the following procedure to create an Amazon QuickSight user group.

  1. Open a terminal window. If you are using Microsoft Windows, open a command prompt.

  2. Enter the following command at the prompt to create a group. Substitute the correct values for your parameters.

    aws quicksight create-group --aws-account-id=111122223333 --namespace=default --group-name="Sales-Management" --description="Sales Management - Forecasting"

    You might find it easier to create the command in a text editor before entering it at the prompt. For more information on create-group and other available commands, see the Amazon QuickSight API reference.

  3. Verify that the group exists by using a command similar to one of the following. The following command lists all groups.

    aws quicksight list-groups --aws-account-id 111122223333 --namespace default

    The following command describes a specific group.

    aws quicksight describe-group --aws-account-id 11112222333 --namespace default --group-name Sales

    The following command searches for groups in a specified QuickSight namespace.

    aws quicksight search-groups --region us-west-2 --aws-account-id 11112222333 --namespace default --filters "[{\"Operator\": \"StartsWith\", \"Name\": \"GROUP_NAME\", \"Value\": \"Mar\"}]"
  4. Add a member to the new group by using a command similar to the following.

    aws quicksight create-group-membership --aws-account-id 111122223333 --namespace default --group-name Sales --member-name Pat

    The following command determines if a user is a member of a specified group.

    aws quicksight describe-group-membership --region us-west-2 --aws-account-id 11112222333 --namespace default --group-name Marketing-East --member-name user