Remove delete permission for the dataset in QuickSight for any of the users.


The main purpose here is to prevent the deletion of datasets for all the users who are using QuickSight. Here, users are logging into QuickSight using federated login, where a role has been used to log in to QuickSight.

Tried adding an inline policy to the federated role and tried preventing deletion using boto3 APIs, but it is not preventing deletion. Could someone help me fix it?

Any help would be much appreciated.

1 answer

Hello.

To prevent users from deleting a dataset in Amazon QuickSight, you need to make sure that you have applied the necessary permissions correctly at both the AWS Identity and Access Management (IAM) level and within Amazon QuickSight. Here are the steps you can follow to achieve this:

IAM Role Permissions:

Ensure that the IAM role that federated users assume to log in to Amazon QuickSight does not have permissions to delete datasets. To do this:

a. Go to the AWS IAM Console.
b. Find the IAM role that federated users assume when logging in to QuickSight.
c. Attach a policy to this IAM role that denies the quicksight:DeleteDataSet permission. You can use an inline policy like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "quicksight:DeleteDataSet",
            "Resource": "*"
        }
    ]
}

Amazon QuickSight Permissions:

Now, you need to ensure that permissions are also restricted within Amazon QuickSight itself. Follow these steps:

a. Log in to the Amazon QuickSight console.
b. Click on your username in the top-right corner and choose "Manage QuickSight."
c. In the QuickSight settings, click on "Security & permissions."
d. Ensure that your QuickSight users/groups do not have any custom permissions that grant them the ability to delete datasets. Review their permissions to make sure they don't have the Delete action on datasets.

Best regards, Andrii

EXPERT
answered 8 months ago
EXPERT
reviewed a month ago
  • Hi Andrii, Thanks for the solution.

    Points to be noted:

    1. The user has been created with an ADMIN role.
    2. Within Security and Permissions, under Resource access for individual users and groups, a custom IAM policy has been assigned. The policy looks like this:

       {
           "Version": "2012-10-17",
           "Statement": [
               {
                   "Sid": "VisualEditor0",
                   "Effect": "Deny",
                   "Action": [
                       "quicksight:DeleteDataSet",
                       "quicksight:DeleteAnalysis",
                       "quicksight:DeleteDataSource",
                       "quicksight:DeleteDashboard"
                   ],
                   "Resource": "*"
               }
           ]
       }

    Could you please advise if I am doing something wrong here?
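
Added example (not part of the answer or the comment above, and not AWS code): an offline check that a set of IAM policy documents contains an explicit Deny covering quicksight:DeleteDataSet, run against the two policies quoted on this page. The function names and the dataset ARN are assumptions made for illustration; the check inspects Deny statements only and does not model full IAM evaluation or QuickSight's own resource permissions.

```python
import re

def _as_list(value):
    # IAM accepts either a single value or a list for Statement/Action/Resource.
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def _matches(patterns, target, ignore_case=False):
    # IAM wildcards: * matches any run of characters, ? matches one character.
    flags = re.IGNORECASE if ignore_case else 0
    for pattern in patterns:
        rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, target, flags):
            return True
    return False

def _covers(stmt, key, target, ignore_case=False):
    # Handles both the positive element (Action) and its negation (NotAction).
    if key in stmt:
        return _matches(_as_list(stmt[key]), target, ignore_case)
    if "Not" + key in stmt:
        return not _matches(_as_list(stmt["Not" + key]), target, ignore_case)
    return False

def explicit_deny(policies, action, resource):
    """Return 'unconditional', 'conditional' or 'none' for action on resource."""
    result = "none"
    for policy in policies:
        for stmt in _as_list(policy.get("Statement")):
            if (stmt.get("Effect") != "Deny"
                    or not _covers(stmt, "Action", action, ignore_case=True)
                    or not _covers(stmt, "Resource", resource)):
                continue
            if not stmt.get("Condition"):
                return "unconditional"  # applies to every matching request
            result = "conditional"      # applies only when the Condition holds
    return result

# The two policies quoted on this page (answer and comment).
ANSWER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "quicksight:DeleteDataSet", "Resource": "*"}]}
COMMENT_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "VisualEditor0", "Effect": "Deny", "Resource": "*", "Action": [
        "quicksight:DeleteDataSet", "quicksight:DeleteAnalysis",
        "quicksight:DeleteDataSource", "quicksight:DeleteDashboard"]}]}
# Constructed ARN with placeholder account and dataset ids (assumption).
DATASET = "arn:aws:quicksight:us-east-1:111122223333:dataset/example-id"

if __name__ == "__main__":
    print(explicit_deny([COMMENT_POLICY], "quicksight:DeleteDataSet", DATASET))
```

A "conditional" result means the only matching Deny carries a Condition block, so it may not apply to every request made through the role.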
