Grant Your Users Permissions to Send Predictions to Amazon QuickSight
You must grant your SageMaker Canvas users permissions to send batch predictions to Amazon QuickSight. In Amazon QuickSight, users can create analyses and reports with a dataset and prepare dashboards to share their results. For more information about sending prediction to QuickSight for analysis, see Send predictions to Amazon QuickSight.
To grant the necessary permissions to share batch predictions with users in QuickSight, you must add a permissions policy to the AWS Identity and Access Management (IAM) execution role that you’ve used for the user profile. The following section shows you how to attach a least-permissions policy to your role.
Add the permissions policy to your IAM role
To add the permissions policy, use the following procedure:
-
Sign in to the IAM console at https://console.aws.amazon.com/iam/
. -
Choose Roles.
-
In the search box, search for the user's IAM role by name and select it.
-
On the page for the user's role, under Permissions, choose Add permissions.
-
Choose Create inline policy.
-
Select the JSON tab, and then paste the following least-permissions policy into the editor. Replace the placeholders
<your-account-number>{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "quicksight:CreateDataSet", "quicksight:ListUsers", "quicksight:ListNamespaces", "quicksight:CreateDataSource", "quicksight:PassDataSet", "quicksight:PassDataSource" ], "Resource":[ "arn:aws:quicksight:*:<your-account-number>:datasource/*", "arn:aws:quicksight:*:<your-account-number>:user/*", "arn:aws:quicksight:*:<your-account-number>:namespace/*", "arn:aws:quicksight:*:<your-account-number>:dataset/*" ] } ] } -
Choose Review policy.
-
Enter a Name for the policy.
-
Choose Create policy.
You should now have a customer-managed IAM policy attached to your execution role that grants your Canvas users the necessary permissions to send batch predictions to users in QuickSight.
