AWS re:Postを使用することにより、以下に同意したことになります AWS re:Post 利用規約

Cannot Update Account Name Mapping or view any QS datasets for CID Dashboards due to DataLake Permissions

0

I was trying to update the CID Dashboards to display account names as per this doc(https://catalog.workshops.aws/awscid/en-US/dashboards/foundational/cudos-cid-kpi/add-accounts) . When I run the query I get this error... Failed Time in queue: 53 ms Run time: 884 ms Data scanned:

Insufficient Lake Formation permission(s): Required Alter on account_map (Service: AmazonDataCatalog; Status Code: 400; Error Code: AccessDeniedException; Request ID: 3b088179-ac9a-4a3e-a4a7-bfe07cf755fd; Proxy: null) This query ran against the "cid_cur" database, unless qualified by the query. Please post the error message on our forum or contact customer support with Query Id: 2d0fbce8-474c-4f7a-b202-946c135db68f

Also just trying to view the DataSets In QuickSight I get this error... You don’t have sufficient permissions to connect to this dataset or run this query. Contact your administrator for assistance. Error details region: us-east-1 timestamp: 1697652800230 requestId: dfbcb3ea-3dee-40ae-8e3c-795273b16011 sourceErrorCode: 100071 sourceErrorMessage: [Simba]AthenaJDBC An error has been thrown from the AWS Athena client. You are not authorized to perform: athena:ListDatabases on the resource. After your AWS administrator or you have updated your permissions, please try again. [Execution ID not available] sourceErrorState: HY000 sourceException: java.sql.SQLException sourceType: ATHENA

Why can't I update these items that I installed? I am running as Full Admin privs.

質問済み 1年前520ビュー
1回答
0

Hello,

Looking at the error message, it seems there was a lack of permission.

Please refer the below mentioned documents [+] https://repost.aws/knowledge-center/quicksight-access-denied-athena-data [+] https://community.amazonquicksight.com/t/why-cant-i-edit-cid-datasets/20046

This error generally occurs when there are missing permissions in Lake Formation. If you are querying data with Amazon Athena, you can use AWS Lake Formation to simplify how you secure and connect to your data from Amazon QuickSight.

Please follow below steps to grant SELECT permissions on database ‘your_database_name’ and table ‘your_table_name’ to the Quicksight user/group:

  1. Sign in to the AWS Lake Formation console as the data lake administrator.
  2. Choose Database.
  3. Select 'Your_database_name'
  4. From the Actions drop-down menu, choose View permissions. You will see a list of principals with associated permissions for each resource type.
  5. Choose Grant.
  6. Select the drop down menu for ‘SAML users and groups’.
  7. Add Quicksight user arn.
  8. Select tables.
  9. For Table permissions, select SELECT.
  10. Choose Grant.
  11. Following the same steps, you will also need to do the same for the QuickSight service role "aws-quicksight-service-role-v0". Choose IAM users and roles for this.

After granting permissions, please check if you are able to list databases while creating Athena dataset.

Please raise a support case in case this issue persists.

AWS
サポートエンジニア
回答済み 1年前
profile picture
エキスパート
レビュー済み 8ヶ月前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ