- 最新
- 投票最多
- 评论最多
Hi.
I understand that you want an IAM user to be able to self-provision their own QuickSight user with the QuickSight role (ADMIN/AUTHOR/READER) determined by the IAM group they belong to.
First, QuickSight role when self-provisioning is determined by having one of the following in the applied IAM policy:
- quicksight: Create Admin
- quicksight: Create User
- quicksight: Create Reader
So you should set IAM policy to allow any of the above actions for IAM group.
https://dev.classmethod.jp/articles/quicksight-iam-provisioning/ (Sorry for Japanese, please translate)
But when I select "Manage QuickSight access to AWS services" and choose "IAM / Use existing role" I only see the option to select one role. So how would I best design this to get a different treatment for different users?
This role you're seeing is from the QuickSight admin screen, right?
This is a QuickSight service role. For example, this IAM role is used when QuickSight accesses Athena or S3 to retrieve data.
It has nothing to do with logged-in QuickSight users.
相关内容
- AWS 官方已更新 1 年前
- AWS 官方已更新 2 年前
- AWS 官方已更新 2 年前