How do I access orphaned resources of a deleted user in QuickSight?

Short description

To restore access to a deleted user's orphaned resources in Amazon QuickSight, use the AWS Command Line Interface commands to identify the resources. Then, make another QuickSight user the owner of the resources.

Note: If you receive errors when running AWS CLI commands, make sure that you're using the most recent AWS CLI version.

Resolution

Note: In the following AWS CLI commands, where necessary replace:

• account_id with the deleted user's AWS account ID
• Region with the AWS Region that you're in
• quicksight_user_arn with the ARN of the other QuickSight user (new resource owner)
• analysis_id with the ID of the orphaned analysis
• dashboard_id with the ID of the orphaned dashboard
• dataset_id with the ID of the orphaned dataset
• data_source_id with the ID of the orphaned data source

Identify the IDs of the orphaned analyses

1.    Use the list-analyses CLI command to identify the IDs of the orphaned analyses:

aws quicksight list-analyses --aws-account-id account_id --region Region

2.    Use the update-analysis-permissions CLI command to make another QuickSight user the owner of each analysis:

aws quicksight update-analysis-permissions --aws-account-id account_id --analysis-id analysis_id --grant-permissions Principal=quicksight_user_arn,Actions=quicksight:RestoreAnalysis,quicksight:UpdateAnalysisPermissions,quicksight:DeleteAnalysis,quicksight:DescribeAnalysisPermissions,quicksight:QueryAnalysis,quicksight:DescribeAnalysis,quicksight:UpdateAnalysis --region Region

Identify the IDs of the orphaned dashboards

1.    Use the list-dashboards CLI command to identify the IDs of the orphaned dashboards:

aws quicksight list-dashboards --aws-account-id account_id --region Region

2.    Use the update-dashboard-permissions CLI command to make another QuickSight user the owner of each dashboard:

aws quicksight update-dashboard-permissions --aws-account-id account_id --dashboard-id dashboard_id --grant-permissions Principal=quicksight_user_arn,Actions=quicksight:DescribeDashboard,quicksight:ListDashboardVersions,quicksight:UpdateDashboardPermissions,quicksight:QueryDashboard,quicksight:UpdateDashboard,quicksight:DeleteDashboard,quicksight:UpdateDashboardPublishedVersion,quicksight:DescribeDashboardPermissions --region Region

Identify the orphaned datasets

1.    Use the list-data-sets CLI command to identify the IDs of the orphaned datasets:

aws quicksight list-data-sets --aws-account-id account_id --region Region

2.    Use the update-data-set-permissions CLI command to make another QuickSight user the owner of each dataset:

aws quicksight update-data-set-permissions --aws-account-id account_id --data-set-id dataset_id --grant-permissions Principal=quicksight_user_arn,Actions=quicksight:UpdateDataSetPermissions,quicksight:DescribeDataSet,quicksight:DescribeDataSetPermissions,quicksight:PassDataSet,quicksight:DescribeIngestion,quicksight:ListIngestions,quicksight:UpdateDataSet,quicksight:DeleteDataSet,quicksight:CreateIngestion,quicksight:CancelIngestion --region Region

Identify the orphaned data sources

1.    Use the list-data-sources CLI command to identify the IDs of the orphaned data sources:

aws quicksight list-data-sources --aws-account-id account_id --region Region

2.    Use the update-data-source-permissions CLI command to make another QuickSight user the owner of each data source:

aws quicksight update-data-source-permissions --aws-account-id account_id --data-source-id data_source_id --grant-permissions Principal=quicksight_user_arn,Actions=quicksight:UpdateDataSourcePermissions,quicksight:DescribeDataSource,quicksight:DescribeDataSourcePermissions,quicksight:PassDataSource,quicksight:UpdateDataSource,quicksight:DeleteDataSource --region Region

Repeat the steps for each of the deleted user's resources.

---