Menu
Amazon QuickSight
User Guide

Managing User Access Inside Amazon QuickSight

Amazon QuickSight administrators can use the following topics to manage user access to Amazon QuickSight and Amazon QuickSight access to AWS resources.

Inviting Users to Access Amazon QuickSight

You can invite any person with a valid email address to use Amazon QuickSight. When they sign up, a new Amazon QuickSight-only user account is created for them. You can also invite IAM users in your AWS account to use Amazon QuickSight. In this case, they can use their IAM credentials to sign in to Amazon QuickSight. Any IAM user you invite must have a password associated with their IAM credentials, and you must also have an email address for them.

User accounts are created in two steps. First, you invite a user to join Amazon QuickSight. Doing this creates an inactive user account in Amazon QuickSight, and sends an invitation email to the user. When the user accepts the invitation and signs in for the first time, the user creates a password to activate the user account.

For information about signing in for the first time, see Signing In to Amazon QuickSight.

Use the following procedure to invite a user to access Amazon QuickSight.

  1. Choose your user name on the application bar and then choose Manage QuickSight.

  2. Choose Manage Users.

  3. Choose Invite users.

  4. In the Type an IAM user name or email box, type the IAM user name or the email address of a person to whom you want to grant access to Amazon QuickSight and then press Enter. A user's IAM user name may be the same as their email address, and this is fine.

    Repeat this step until you have entered information for everyone you want to invite.

  5. For Email, type an email address for the user account. If your company uses single sign-on (SSO), the user's email domain must match yours.

  6. For IAM User, verify that it says Yes for accounts that are associated with IAM users, and No for those that are Amazon QuickSight-only.

  7. For Role, choose the role to assign to each person you are inviting. A role determines the permission level to grant to that user account.

    • Choose USER if you want the user to author analyses and dashboards in Amazon QuickSight but not perform any administrative tasks, like managing users or purchasing SPICE capacity.

    • Choose ADMIN if you want the user to be able to both use Amazon QuickSight for authoring and for performing administrative tasks.

      There are some differences in what administrative tasks that IAM admin users and that Amazon QuickSight admin users can perform, because some administrative tasks require permissions in AWS, which Amazon QuickSight–only users lack.

      • Amazon QuickSight admin users can manage users, SPICE capacity, and subscriptions.

      • IAM admin users can manage users, SPICE capacity, and subscriptions as well. They can also manage Amazon QuickSight permissions to AWS resources, and unsubscribe from Amazon QuickSight.

    If you are creating an IAM admin user, check with your AWS administrator and make sure that user has the all necessary statements in their IAM permissions policy to work with Amazon QuickSight resources. For more information about what statements are required, see Setting Your IAM Policy.

  8. Choose Invite.

Resend an Invitation to a User

The sign-up URL in the invitation email expires after 24 hours. Use the following procedure if you need to resend an invitation to someone.

  1. Choose your user name on the application bar and then choose Manage QuickSight.

  2. Choose Manage Users.

  3. Find the entry for the person you want to re-invite, and choose Resend invitation.

  4. Choose Confirm.

Viewing Amazon QuickSight User Account Details

You can view Amazon QuickSight user accounts on the Manage Users page. Use the following procedure to view a user account.

  1. Choose your user name on the application bar and then choose Manage QuickSight.

  2. Choose Manage Users.

  3. Type a search term for Search for a user to search for a specific user account. Any user name or email address that starts with the search term is shown. Search is case-insensitive and wildcards aren't supported. To clear the search results and view all user accounts, delete the search term.

  4. Review the user name, email, assigned role, and status. The status field shows either ACTIVE or INACTIVE to indicate whether or not the user has responded to the invitation email and activated an account.

Deleting a User Account

User accounts can be deleted by either an AWS administrator or an Amazon QuickSight administrator. Deleting a user account works the same in both the Standard and Enterprise editions of Amazon QuickSight.

Deleting a user account removes or transfers their resources. In Enterprise edition, the network administrator can temporarily deactivate a user account by removing it from the network group that has access to Amazon QuickSight. If a user is deleted, but not deactivated, that user can still access Amazon QuickSight as a new user. For more information about deactivating an Enterprise user account, see Deactivating Active Directory User Accounts.

Use the following procedure to delete a user account.

  1. Choose your user name on the application bar and then choose Manage QuickSight.

  2. Choose Manage Users.

  3. Locate the user account you want to delete and then choose the delete icon.

  4. Choose to either delete or transfer any resources owned by the user and then choose OK.

  5. Do one of the following:

    • If you chose to transfer user resources, type the user name of the account to transfer them to and then choose Delete and transfer resources.

    • If you chose to delete user resources, choose Delete. You can't undo this action.