Remove delete permission for the dataset in QuickSight for any of the users.


The main purpose here is to prevent the deletion of datasets for all the users who are using QuickSight. Here users are logging in to QuickSight using federated login, where a role has been used to log in to QuickSight.

Tried adding an inline policy to the federated role, and tried preventing deletion using boto3 APIs, but it is not preventing deletion. Could someone help me here to fix it?

Any help would be much appreciated.

1 Answer

Hello.

To prevent users from deleting a dataset in Amazon QuickSight, you need to make sure that you have applied the necessary permissions correctly at both the AWS Identity and Access Management (IAM) level and within Amazon QuickSight. Here are the steps you can follow to achieve this:

IAM Role Permissions:

Ensure that the IAM role that federated users assume to log in to Amazon QuickSight does not have permissions to delete datasets. To do this:

a. Go to the AWS IAM Console.

b. Find the IAM role that federated users assume when logging in to QuickSight.

c. Attach a policy to this IAM role that denies the quicksight:DeleteDataSet permission. You can use an inline policy like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "quicksight:DeleteDataSet",
            "Resource": "*"
        }
    ]
}

Amazon QuickSight Permissions:

Now, you need to ensure that permissions are also restricted within Amazon QuickSight itself. Follow these steps:

a. Log in to the Amazon QuickSight console.

b. Click on your username in the top-right corner and choose "Manage QuickSight."

c. In the QuickSight settings, click on "Security & permissions."

d. Ensure that your QuickSight users/groups do not have any custom permissions that grant them the ability to delete datasets. Review their permissions to make sure they don't have the Delete action on datasets.

Best regards, Andrii

EXPERT
answered 7 months ago
EXPERT
reviewed a month ago
  • Hi Andrii, Thanks for the solution.

    Points to be noted:

    1. The user has been created with an ADMIN role.
    2. Within Security and Permissions, under Resource access for individual users and groups, a custom IAM policy has been assigned, the policy looks like this:

       {
           "Version": "2012-10-17",
           "Statement": [
               {
                   "Sid": "VisualEditor0",
                   "Effect": "Deny",
                   "Action": [
                       "quicksight:DeleteDataSet",
                       "quicksight:DeleteAnalysis",
                       "quicksight:DeleteDataSource",
                       "quicksight:DeleteDashboard"
                   ],
                   "Resource": "*"
               }
           ]
       }

    Could you please advise if I am doing something wrong here?
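
A static check for the Deny policies shown in this thread, as an added example that is not part of the original answer or comment: given the policy documents attached to the federated role, it reports which QuickSight delete actions are not covered by an unconditional explicit Deny on Resource "*". The function names and the sample policy are constructed for illustration; the check reads policy JSON only and does not tell you whether a given request is actually made under that role.

```python
import json
import re

# Constructed sample: the Deny policy from the answer, as attached to the federated role.
ROLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Deny", "Action": "quicksight:DeleteDataSet", "Resource": "*"}
  ]
}
""")

def _as_list(value):
    # IAM accepts either a single string or a list for Action / NotAction / Resource.
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def _matches(pattern, action):
    # IAM action patterns are case-insensitive and support the * and ? wildcards.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def explicit_deny_gaps(policies, actions):
    """Return the actions NOT covered by an unconditional Deny on Resource "*"."""
    uncovered = set(actions)
    for policy in policies:
        statements = policy.get("Statement", [])
        if isinstance(statements, dict):  # a single statement may be a bare object
            statements = [statements]
        for stmt in statements:
            if stmt.get("Effect") != "Deny" or "Condition" in stmt:
                continue  # a conditional Deny does not apply to every request
            if "*" not in _as_list(stmt.get("Resource")):
                continue  # treated as a gap: a scoped Deny may miss some datasets
            for action in list(uncovered):
                if "NotAction" in stmt:
                    hit = not any(_matches(p, action) for p in _as_list(stmt["NotAction"]))
                else:
                    hit = any(_matches(p, action) for p in _as_list(stmt.get("Action")))
                if hit:
                    uncovered.discard(action)
    return sorted(uncovered)

if __name__ == "__main__":
    wanted = ["quicksight:DeleteDataSet", "quicksight:DeleteDataSource"]
    print(explicit_deny_gaps([ROLE_POLICY], wanted))
```

An empty result means every listed action has an explicit Deny in the supplied documents; if deletion still succeeds, the requests are not being evaluated against those documents.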
