Managing user access inside Amazon QuickSight - Amazon QuickSight

Important: We've redesigned the Amazon QuickSight analysis workspace. You might encounter screenshots or procedural text that doesn't reflect the new look in the QuickSight console. We're in the process of updating screenshots and procedural text.

To find a feature or item, use the Quick search bar.

For more information on QuickSight's new look, see Introducing new analysis experience on Amazon QuickSight.

Managing user access inside Amazon QuickSight

   Intended audience: System administrators and Amazon QuickSight administrators 

Amazon QuickSight administrators can use the following topics to manage user access to Amazon QuickSight and Amazon QuickSight access to AWS resources.

Inviting users to access Amazon QuickSight

   Applies to: Enterprise Edition and Standard Edition 
   Intended audience: Amazon QuickSight administrators 

In Standard edition, and in Enterprise edition using IAM Identity Center, you can invite any person with a valid email address to use Amazon QuickSight. When they sign up, a new Amazon QuickSight-only account is created for them. You can also invite IAM users in your AWS account to use Amazon QuickSight. In this case, they can use their IAM credentials to sign in to Amazon QuickSight. Any IAM user you invite must have a password associated with their IAM credentials, and you must also have an email address for them.

accounts are created in two steps. First, you invite a user to join Amazon QuickSight. Doing this creates an inactive account in Amazon QuickSight, and sends an invitation email to the user. When the user accepts the invitation and signs in for the first time, the user creates a password to activate the account.

For information about signing in for the first time, see Signing in to Amazon QuickSight.

Use the following procedure to invite a user to access Amazon QuickSight.

  1. Choose your user name on the application bar and then choose Manage QuickSight.

  2. Choose Manage Users. On this screen, you can manage users who already exist in your account.

  3. Choose Invite users.

  4. In the Invite users to this account screen, enter a new user name for a person to whom you want to grant access to Amazon QuickSight. If the user is an IAM user, enter their IAM credentials. Then press +. A user's IAM user name can be the same as their email address.

    Repeat this step until you have entered everyone who you want to invite. Then go to the next step to enter details.

  5. For Email, enter an email address for the account.

    Note

    Currently, email addresses are case-sensitive.

  6. For Role, choose the role to assign to each person you're inviting. A role determines the permission level to grant to that account.

    • Choose ADMIN if you want the user to be able to both use Amazon QuickSight for authoring and for performing administrative tasks like managing users or purchasing SPICE capacity.

      There are some differences in the administrative tasks that IAM users and Amazon QuickSight administrators can perform. These differences occur because some administrative tasks require permissions in AWS, which Amazon QuickSight–only users lack. The differences are these:

      • QuickSight administrators can manage users, SPICE capacity, and subscriptions.

      • IAM users with administrative permissions can also manage users, SPICE capacity, and subscriptions. In addition, they can manage Amazon QuickSight permissions to AWS resources, upgrade to Enterprise edition, and unsubscribe from Amazon QuickSight.

      If you want to create a user with administrator permissions with IAM access, check with your AWS administrator. Make sure that the IAM user has the all necessary statements in their IAM permissions policy to work with Amazon QuickSight resources. For more information about what statements are required, see IAM policy examples for Amazon QuickSight.

    • To set the user to be able to author analyses and dashboards in Amazon QuickSight but not perform any administrative tasks, choose AUTHOR.

    • In Enterprise edition, you can set users to be able to interact with shared dashboards, but not author analyses or dashboards or perform any administrative tasks. To do this, choose READER.

  7. For IAM User, verify that it says Yes for accounts that are associated with IAM users, and No for those that are Amazon QuickSight-only.

  8. (Optional) To delete a user, choose the delete icon at the end of the relevant row.

  9. Choose Invite.

Resend an invitation to a user

The sign-up URL in the invitation email expires after 7 days. To resend an invitation to someone, use the following procedure.

  1. Choose your user name on the application bar and then choose Manage QuickSight.

  2. Choose Manage Users.

  3. Find the entry for the person you want to re-invite, and choose Resend invitation for that user.

  4. Choose Confirm.

Viewing Amazon QuickSight account details

   Intended audience: Amazon QuickSight administrators 

You can view Amazon QuickSight accounts on the Manage Users page. To view a QuickSight user account, use the following procedure.

  1. Choose your user name on the application bar and then choose Manage QuickSight.

  2. Choose Manage Users to view details about people who are QuickSight users. The information that displays includes:

    • Username – The person's user name.

    • Email – The email associated with this user name.

    • Role – The security cohort that the person's user name belongs to: ADMIN, AUTHOR, or READER.

    • Last active – The last date and time that this person accessed the QuickSight console. Anyone who isn't an active user has a Last active status of User has no activity.

    You can also see deleted or inactive users in this screen.

  3. To find a user name, enter a part or all of a user's name or email the search box. Search is case-insensitive and wildcards aren't supported. To clear the search results and view all user names, delete your search entry.

Deleting a QuickSight user account

   Intended audience: Amazon QuickSight administrators 

accounts can be deleted by either an AWS administrator or an Amazon QuickSight administrator. Deleting a QuickSight user account works the same in both the Standard and Enterprise editions of Amazon QuickSight.

Deleting a QuickSight user account removes or transfers their resources. In Enterprise edition, the network administrator can temporarily deactivate a QuickSight user account by removing it from the network group that has access to Amazon QuickSight. If a user is deleted, but not deactivated, that user can still access Amazon QuickSight as a new user. For more information about deactivating an Enterprise account, see Deactivating user accounts.

Use the following procedure to delete a QuickSight user account.

  1. Choose your user name on the application bar and then choose Manage QuickSight.

  2. Choose Manage Users.

  3. Locate the account you want to delete and then choose the delete icon at the end of that row.

  4. Choose to either delete or transfer any resources owned by the user and then choose OK.

  5. Do one of the following:

    • If you chose to transfer user resources, enter the user name of the account to transfer them to and then choose Delete and transfer resources.

    • If you chose to delete user resources, choose Delete. You can't undo this action.