A user in my Amazon QuickSight account got deleted, and now I can't access the orphaned resources owned by the deleted user. How do I regain access?
Short description
To restore access to a deleted user's orphaned resources in Amazon QuickSight, use the AWS Command Line Interface commands to identify the resources. Then, make another QuickSight user the owner of the resources.
Note: If you receive errors when running AWS CLI commands, make sure that you're using the most recent AWS CLI version.
Resolution
Note: In the following AWS CLI commands, where necessary replace:
- account_id with the deleted user's AWS account ID
- Region with the AWS Region that you're in
- quicksight_user_arn with the ARN of the other QuickSight user (new resource owner)
- analysis_id with the ID of the orphaned analysis
- dashboard_id with the ID of the orphaned dashboard
- dataset_id with the ID of the orphaned dataset
- data_source_id with the ID of the orphaned data source
Identify the IDs of the orphaned analyses
1. Use the list-analyses CLI command to identify the IDs of the orphaned analyses:
aws quicksight list-analyses --aws-account-id account_id --region Region
2. Use the update-analysis-permissions CLI command to make another QuickSight user the owner of each analysis:
aws quicksight update-analysis-permissions --aws-account-id account_id --analysis-id analysis_id --grant-permissions Principal=quicksight_user_arn,Actions=quicksight:RestoreAnalysis,quicksight:UpdateAnalysisPermissions,quicksight:DeleteAnalysis,quicksight:DescribeAnalysisPermissions,quicksight:QueryAnalysis,quicksight:DescribeAnalysis,quicksight:UpdateAnalysis --region Region
Identify the IDs of the orphaned dashboards
1. Use the list-dashboards CLI command to identify the IDs of the orphaned dashboards:
aws quicksight list-dashboards --aws-account-id account_id --region Region
2. Use the update-dashboard-permissions CLI command to make another QuickSight user the owner of each dashboard:
aws quicksight update-dashboard-permissions --aws-account-id account_id --dashboard-id dashboard_id --grant-permissions Principal=quicksight_user_arn,Actions=quicksight:DescribeDashboard,quicksight:ListDashboardVersions,quicksight:UpdateDashboardPermissions,quicksight:QueryDashboard,quicksight:UpdateDashboard,quicksight:DeleteDashboard,quicksight:UpdateDashboardPublishedVersion,quicksight:DescribeDashboardPermissions --region Region
Identify the orphaned datasets
1. Use the list-data-sets CLI command to identify the IDs of the orphaned datasets:
aws quicksight list-data-sets --aws-account-id account_id --region Region
2. Use the update-data-set-permissions CLI command to make another QuickSight user the owner of each dataset:
aws quicksight update-data-set-permissions --aws-account-id account_id --data-set-id dataset_id --grant-permissions Principal=quicksight_user_arn,Actions=quicksight:UpdateDataSetPermissions,quicksight:DescribeDataSet,quicksight:DescribeDataSetPermissions,quicksight:PassDataSet,quicksight:DescribeIngestion,quicksight:ListIngestions,quicksight:UpdateDataSet,quicksight:DeleteDataSet,quicksight:CreateIngestion,quicksight:CancelIngestion --region Region
Identify the orphaned data sources
1. Use the list-data-sources CLI command to identify the IDs of the orphaned data sources:
aws quicksight list-data-sources --aws-account-id account_id --region Region
2. Use the update-data-source-permissions CLI command to make another QuickSight user the owner of each data source:
aws quicksight update-data-source-permissions --aws-account-id account_id --data-source-id data_source_id --grant-permissions Principal=quicksight_user_arn,Actions=quicksight:UpdateDataSourcePermissions,quicksight:DescribeDataSource,quicksight:DescribeDataSourcePermissions,quicksight:PassDataSource,quicksight:UpdateDataSource,quicksight:DeleteDataSource --region Region
Repeat the steps for each of the deleted user's resources.