当我为未注册用户生成嵌入式 QuickSight 控制面板 URL 时，如何解决 QuickSight 中的权限错误？

简短描述

后端或 Web 服务器使用的 AWS Identity and Access Management（IAM）用户或角色必须具有为未注册用户生成嵌入式 QuickSight 控制面板 URL 的权限。如果 IAM 用户或角色没有正确的权限，您会收到以下错误：

IAM 用户

An error occurred (AccessDeniedException) when calling the GenerateEmbedUrlForAnonymousUser operation: User: arn:aws:iam::XXXXXXXXXXX:user/user1 is not authorized to perform: quicksight:GenerateEmbedUrlForAnonymousUser on resource: arn:aws:quicksight:region:XXXXXXXXXXX:namespace/default because no identity-based policy allows the quicksight:GenerateEmbedUrlForAnonymousUser action

IAM 角色

An error occurred (AccessDeniedException) when calling the GenerateEmbedUrlForAnonymousUser operation: User: arn:aws:sts::XXXXXXXXXXX:user:assumed-role/role-name/policy-name is not authorized to perform: quicksight:GenerateEmbedUrlForAnonymousUser on resource: arn:aws:quicksight:region:XXXXXXXXXXX:user:namespace/default because no identity-based policy allows the quicksight:GenerateEmbedUrlForAnonymousUser action

要解决这些错误，您必须附加具有所需权限的 IAM policy。

解决方法

将以下 quicksight:GenerateEmbedUrlForAnonymousUser 操作的 IAM policy 附加到用于调用 GenerateEmbedUrlForAnonymousUser 的 IAM 用户或角色：

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "quicksight:GenerateEmbedUrlForAnonymousUser",
      "Resource": [
        "arn:aws:quicksight:<region>:<AWS Account ID>:namespace/<namespace>",
        "arn:aws:quicksight:<region>:<AWS Account ID>:dashboard/<Dashboard ID>"
      ]
    }
  ]
}

**注意：**要为未注册用户嵌入 QuickSight 控制面板 URL，QuickSight 账户上的会话容量定价必须处于活跃状态。如果它处于非活跃状态，则用户会收到 UnsupportedPricingPlanException 错误。

---

相关信息

为所有人嵌入 QuickSight 数据控制面板