QuickSight has three standard user profiles - Admin, Author and Reader
Custom permissions allows you to further customize these profiles by taking away capabilities as needed to suit your use case. For example, you might have a core data curation team who is in charge of setting up datasets for BI analysts to use. In this scenario, you might want to allow only the data curators to create datasets and prevent BI analysts from doing so. Using custom permissions, you can create a restricted author permission wherein creation of datasources and datasets is not allowed and can apply this custom permission to BI analysts.
Exercise 1 - Create custom permission
In QuickSight (admin user) tab, Click Username from top right and choose Manage QuickSight.
In Management console, click Manage permissions button.
In Manage custom permissions screen, click Create button.
Enter name as QSWS-CustomPermission - For purposes of this lab, it is important that you use this exact same name as this is referenced in subsequent section. When setting up for real in your own environment, you can use any name that makes sense to you.
Check the boxes for Creating or updating all data sources and Creating or updating all datasets.
Click Create button.
Click QuickSight icon to return to console.
Exercise 2 - Check current access
Click Datasets from left panel and note that you still see (don’t click) the New dataset button.
Click on QSTCF-Dataset and note that you see (don’t click) options to edit and duplicate the dataset.
Click X to close the dataset menu.
Click Username ** from top right and choose Manage QuickSight.
Note that Permissions column is blank against admin user. ie - We created a custom permission but haven’t attached it to admin user yet. Don’t exit the management panel view. We will come back to this in next step.
Exercise 3 - Apply custom permission to admin user
In Cloud9, execute following update-user command to apply custom permission to our admin user. We are picking admin user here for ease of demonstration.