A user in my Amazon QuickSight account got deleted, and now I can't access the orphaned resources owned by the deleted user.
Short description
To restore access to a deleted user's orphaned resources in QuickSight, use the AWS Command Line Interface (AWS CLI) commands to identify the resources. Then, make another QuickSight user the owner of the resources.
You can also use the QuickSight asset management console to view, manage, and transfer resources instead of the AWS CLI.
Resolution
Note: If you receive errors when you run AWS CLI commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.
In the following AWS CLI commands, where necessary replace:
- account_id with the deleted user's AWS account ID
- Region with the AWS Region that you're in
- quicksight_user_arn with the ARN of the other QuickSight user (new resource owner)
- analysis_id with the ID of the orphaned analysis
- dashboard_id with the ID of the orphaned dashboard
- dataset_id with the ID of the orphaned dataset
- data_source_id with the ID of the orphaned data source
Identify the IDs of the orphaned analyses
-
Use the list-analyses AWS CLI command to identify the IDs of the orphaned analyses:
aws quicksight list-analyses --aws-account-id account_id --region Region
-
Use the update-analysis-permissions AWS CLI command to make another QuickSight user the owner of each analysis:
aws quicksight update-analysis-permissions --aws-account-id account_id --analysis-id analysis_id --grant-permissions Principal=quicksight_user_arn,Actions=quicksight:RestoreAnalysis,quicksight:UpdateAnalysisPermissions,quicksight:DeleteAnalysis,quicksight:DescribeAnalysisPermissions,quicksight:QueryAnalysis,quicksight:DescribeAnalysis,quicksight:UpdateAnalysis --region Region
Identify the IDs of the orphaned dashboards
-
Use the list-dashboards AWS CLI command to identify the IDs of the orphaned dashboards:
aws quicksight list-data-sets --aws-account-id account_id --region Region
-
Use the update-dashboard-permissions AWS CLI command to make another QuickSight user the owner of each dashboard:
aws quicksight update-data-set-permissions --aws-account-id account_id --data-set-id dataset_id --grant-permissions Principal=quicksight_user_arn,Actions=quicksight:UpdateDataSetPermissions,quicksight:DescribeDataSet,quicksight:DescribeDataSetPermissions,quicksight:PassDataSet,quicksight:DescribeIngestion,quicksight:ListIngestions,quicksight:UpdateDataSet,quicksight:DeleteDataSet,quicksight:CreateIngestion,quicksight:CancelIngestion --region Region
Identify the orphaned data sources
-
Use the list-data-sources AWS CLI command to identify the IDs of the orphaned data sources:
aws quicksight list-data-sources --aws-account-id account_id --region Region
-
Use the update-data-source-permissions AWS CLI command to make another QuickSight user the owner of each data source:
aws quicksight update-data-source-permissions --aws-account-id account_id --data-source-id data_source_id --grant-permissions Principal=quicksight_user_arn,Actions=quicksight:UpdateDataSourcePermissions,quicksight:DescribeDataSource,quicksight:DescribeDataSourcePermissions,quicksight:PassDataSource,quicksight:UpdateDataSource,quicksight:DeleteDataSource --region Region
Repeat the steps for each of the deleted user's resources.
Related information
Amazon QuickSight launches admin asset management console