By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Cannot Update Account Name Mapping or view any QS datasets for CID Dashboards due to DataLake Permissions

0

I was trying to update the CID Dashboards to display account names as per this doc(https://catalog.workshops.aws/awscid/en-US/dashboards/foundational/cudos-cid-kpi/add-accounts) . When I run the query I get this error... Failed Time in queue: 53 ms Run time: 884 ms Data scanned:

Insufficient Lake Formation permission(s): Required Alter on account_map (Service: AmazonDataCatalog; Status Code: 400; Error Code: AccessDeniedException; Request ID: 3b088179-ac9a-4a3e-a4a7-bfe07cf755fd; Proxy: null) This query ran against the "cid_cur" database, unless qualified by the query. Please post the error message on our forum or contact customer support with Query Id: 2d0fbce8-474c-4f7a-b202-946c135db68f

Also just trying to view the DataSets In QuickSight I get this error... You don’t have sufficient permissions to connect to this dataset or run this query. Contact your administrator for assistance. Error details region: us-east-1 timestamp: 1697652800230 requestId: dfbcb3ea-3dee-40ae-8e3c-795273b16011 sourceErrorCode: 100071 sourceErrorMessage: [Simba]AthenaJDBC An error has been thrown from the AWS Athena client. You are not authorized to perform: athena:ListDatabases on the resource. After your AWS administrator or you have updated your permissions, please try again. [Execution ID not available] sourceErrorState: HY000 sourceException: java.sql.SQLException sourceType: ATHENA

Why can't I update these items that I installed? I am running as Full Admin privs.

Topics
Analytics
Tags
Amazon AthenaAmazon QuickSightAWS Lake Formation
Language
English
Brian S
asked 6 months ago359 views
1 Answer
0

Hello,

Looking at the error message, it seems there was a lack of permission.

Please refer the below mentioned documents [+] https://repost.aws/knowledge-center/quicksight-access-denied-athena-data [+] https://community.amazonquicksight.com/t/why-cant-i-edit-cid-datasets/20046

This error generally occurs when there are missing permissions in Lake Formation. If you are querying data with Amazon Athena, you can use AWS Lake Formation to simplify how you secure and connect to your data from Amazon QuickSight.

Please follow below steps to grant SELECT permissions on database ‘your_database_name’ and table ‘your_table_name’ to the Quicksight user/group:

  1. Sign in to the AWS Lake Formation console as the data lake administrator.
  2. Choose Database.
  3. Select 'Your_database_name'
  4. From the Actions drop-down menu, choose View permissions. You will see a list of principals with associated permissions for each resource type.
  5. Choose Grant.
  6. Select the drop down menu for ‘SAML users and groups’.
  7. Add Quicksight user arn.
  8. Select tables.
  9. For Table permissions, select SELECT.
  10. Choose Grant.
  11. Following the same steps, you will also need to do the same for the QuickSight service role "aws-quicksight-service-role-v0". Choose IAM users and roles for this.

After granting permissions, please check if you are able to list databases while creating Athena dataset.

Please raise a support case in case this issue persists.

AWS
SUPPORT ENGINEER
Dev_G
answered 6 months ago
profile picture
EXPERT
Giovanni Lauria
reviewed a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content