Creating and managing groups in Amazon QuickSight
| Intended audience: System administrators |
| Applies to: Enterprise Edition |
Note
If you're using IAM Identity Center or Active Directory, you can't create and manage groups in Amazon QuickSight. Instead, you manage the assignment of your identity provider's groups to roles in QuickSight.
If you're QuickSight account is integrated with IAM Identity Center (recommended), groups are not managed in the QuickSight application. Instead, groups are managed in IAM Identity Center or in the third-party identity provider that you configured in IAM Identity Center. Groups are synced automatically between QuickSight and IAM Identity Center.
For accounts that use other identity types, admins with IAM credentials who have access to the Amazon QuickSight console can organize sets of
users into groups that make it easier to manage access and security. For example, you
can create a group of users that you can share QuickSight assets with all at once. You can create and manage groups using the QuickSight console or the AWS Command Line Interface
(AWS CLI). You can create up to 10,000 groups in a namespace. If you want to create more than 10,000 groups in a namespace, contact AWS Support
Creating and managing groups using the Amazon QuickSight console
Use the following procedures to create and manage groups in the Amazon QuickSight console.
To create a user group in the QuickSight console:
-
On the Amazon QuickSight start page, choose Manage QuickSight, and then choose Manage groups.
-
Choose NEW GROUP.
-
On the Create new group page, enter the name and description of the new group in the corresponding boxes.
-
When you're finished, choose Create to create the new group.
After you have created a new group, you can't change the group's title but you can change the group's description.
To change the description of a group:
-
On the Amazon QuickSight start page, choose Manage QuickSight, and then choose Manage groups.
-
Choose the group that you want to change, and then choose the Edit link next to the group description.
-
In the Edit description box that appears, enter the new description and choose Save.
After you create a group, you can add and remove users from the Manage groups page. You can't add a user to a group if you haven't added the user to your account. For more information on adding users to your QuickSight account, see Managing user access inside Amazon QuickSight.
To add a user to a group
-
On the Amazon QuickSight start page, choose Manage QuickSight, and then choose Manage groups.
-
Choose the group that you want to add a user to, and choose ADD USER at the page's upper right.
-
Enter the user name or email of the user that you want to add, and choose the correct user for Search users.
To remove a user from a group:
-
On the Amazon QuickSight start page, choose Manage QuickSight, and then choose Manage groups.
-
Choose the group that you want to remove a user from.
-
Find the user that you want to remove and choose Remove.
Choosing remove automatically removes the selected user from the group.
You can also search for a group member by entering the user's full user name into the search bar on the right-hand side of the group's page.
You can't delete a group from the QuickSight console, but you can delete a group with the AWS CLI. For more information on deleting a QuickSight group with the AWS CLI, see Deleting groups from Amazon QuickSight.
Creating and managing groups using the AWS CLI
Before you begin, make sure that you have the AWS CLI installed. For more information, see Installing the AWS CLI in the AWS CLI User Guide.
Use the following procedure to create an Amazon QuickSight user group.
-
Open a terminal window. If you are using Microsoft Windows, open a command prompt.
-
Enter the following command at the prompt to create a group. Substitute the correct values for your parameters.
aws quicksight create-group --aws-account-id=111122223333--namespace=default--group-name="Sales-Management" --description="Sales Management - Forecasting"You might find it easier to create the command in a text editor before entering it at the prompt. For more information on
create-groupand other available commands, see the Amazon QuickSight API reference. -
Verify that the group exists by using a command similar to one of the following. The following command lists all groups.
aws quicksight list-groups --aws-account-id111122223333--namespacedefaultThe following command describes a specific group.
aws quicksight describe-group --aws-account-id11112222333--namespacedefault--group-nameSalesThe following command searches for groups in a specified QuickSight namespace.
aws quicksight search-groups --regionus-west-2--aws-account-id11112222333--namespacedefault--filters "[{\"Operator\": \"StartsWith\", \"Name\": \"GROUP_NAME\", \"Value\": \"Mar\"}]" -
Add a member to the new group by using a command similar to the following.
aws quicksight create-group-membership --aws-account-id111122223333--namespacedefault--group-nameSales--member-namePatThe following command determines if a user is a member of a specified group.
aws quicksight describe-group-membership --regionus-west-2--aws-account-id11112222333--namespacedefault--group-nameMarketing-East--member-nameuser
Deleting groups from Amazon QuickSight
You can delete a group from the AWS CLI. Use the following procedure to delete a Amazon QuickSight user group.
To delete a group in Amazon QuickSight
-
Open a terminal window. If you are using Microsoft Windows, open a command prompt.
-
Enter the following command at the prompt to create a group. Substitute the correct values for your parameters.
aws quicksight delete-group --aws-account-id111122223333--namespacedefault--group-nameMarketing-EastYou might find it easier to create the command in a text editor before entering it at the prompt. For more information on
delete-groupand other available commands, see the Amazon QuickSight API reference.
