Amazon QuickSight Guide: Shared Restricted Folders and Folder Contributor Role for Asset Sharing

/ Tutorial

Introduction

Amazon QuickSight is a powerful business analytics tool that allows users to build visualizations, perform ad-hoc analysis, and create interactive dashboards. It provides a collaborative environment where multiple users can work on data assets and share them with others. In this guide, we will explore the newly launched shared restricted folders and the folder Contributor role in Amazon QuickSight, which enable more controlled and centralized management of asset sharing.

Table of Contents

  1. Overview of Shared Restricted Folders and Folder Contributor Role
  2. How to create a Shared Restricted Folder using the QuickSight CreateFolder API
  3. Assigning the Folder Contributor Role to a QuickSight User or Group
  4. Understanding the Permissions of a Folder Contributor
  5. Managing Data Sources in Shared Restricted Folders
  6. Benefits of using Shared Restricted Folders and Folder Contributor Role
  7. Best Practices for Configuring and Using Shared Restricted Folders
  8. Advanced Techniques for Maximizing Asset Sharing and Collaboration
  9. Optimization Techniques for Enhanced Performance in QuickSight
  10. Troubleshooting Common Issues in Shared Restricted Folders
  11. Conclusion

1. Overview of Shared Restricted Folders and Folder Contributor Role

Amazon QuickSight now introduces a new type of shared folder called restricted folders. These folders are designed to restrict assets from being removed or modified by unauthorized users. When combined with the Contributor role, restricted folders can provide granular control over asset sharing permissions.

The Contributor role allows users to create, edit, and delete assets within a shared folder, similar to an Owner. However, Contributors do not have the authority to delete the folder itself or modify permissions on the folder or its assets.

This new feature enables administrators to create a more controlled environment for asset sharing, ensuring that sensitive data and visualizations are not accidentally deleted or modified by unauthorized users.

2. How to create a Shared Restricted Folder using the QuickSight CreateFolder API

To create a shared restricted folder in Amazon QuickSight, you can utilize the CreateFolder API provided by the platform. This API allows administrators to programmatically create folders with the necessary restrictions and permissions.

In your development environment, make use of the CreateFolder API to create a new shared restricted folder. Specify the folder name, folder ID, and any additional attributes required. This approach provides flexibility and integrates well with existing systems and workflows.

3. Assigning the Folder Contributor Role to a QuickSight User or Group

To enable asset sharing within a shared restricted folder, the Folder Contributor role needs to be assigned to the relevant QuickSight users or groups.

Navigate to the folder settings in Amazon QuickSight and locate the Permissions section. Choose the desired user or group and assign the Folder Contributor role. By doing so, the assigned users or groups gain the ability to create, edit, and delete assets within the shared folder, without the risk of compromising folder or asset-level permissions.

4. Understanding the Permissions of a Folder Contributor

The Folder Contributor role grants specific permissions to users or groups within a shared restricted folder. While Contributors enjoy extensive capabilities within the folder, they are still restricted in certain areas to maintain data integrity and prevent accidental modifications.

Below are the key permissions granted to Folder Contributors:

  • Create, edit, and delete assets in the shared folder.
  • View assets within the folder.
  • Assign permissions to individual assets within the folder.
  • Export data from assets they have access to.
  • Share assets with other users or groups within the same folder, subject to additional granular controls.

5. Managing Data Sources in Shared Restricted Folders

One of the significant advancements in shared restricted folders is the ability for data sources to inherit permissions from the folder itself. This simplifies the management of permissions for all asset types, including data sources.

When a data source is added to a shared restricted folder, it automatically inherits the folder-level permissions, ensuring consistent access control. This centralized management streamlines the overall administration process, reducing the effort required to maintain access rights for multiple assets.

6. Benefits of using Shared Restricted Folders and Folder Contributor Role

Implementing shared restricted folders and the Folder Contributor role in Amazon QuickSight offers numerous benefits for organizations:

  1. Controlled Asset Sharing: Restricted folders prevent assets from being removed or modified by unauthorized users, protecting sensitive data from accidental deletions or modifications.

  2. Centralized Management: Folder-level permissions allow administrators to manage access controls for multiple assets in a single location, reducing complexity and ensuring consistency.

  3. Collaboration without Risk: The Folder Contributor role allows users to collaborate and work on shared assets, confident that they can’t inadvertently delete or modify critical data.

  4. Streamlined Administration: Inheriting permissions for data sources from the shared folder simplifies the management of permissions across various asset types.

  5. Enhanced Security: Restricted folders help maintain data integrity and prevent unauthorized access by limiting asset modifications.

7. Best Practices for Configuring and Using Shared Restricted Folders

To maximize the benefits of shared restricted folders and ensure a smooth experience for users, consider the following best practices:

  1. Clearly Define Folder and Asset Permissions: Create a well-defined permission structure for folders and assets to ensure appropriate access levels are granted to different users or groups.

  2. Regularly Review and Update Permissions: Continuously monitor and update permissions to reflect organizational changes, such as new hires or role changes.

  3. Leverage Groups for Efficient Management: Utilize groups to assign permissions instead of individual users. This approach simplifies administration and ensures consistency across teams.

  4. Limit the Number of Folder Contributors: Restrict the number of users with the Contributor role to maintain control and mitigate the risk of unauthorized modifications.

  5. Educate Users on Asset Sharing Best Practices: Train users on the proper use of shared assets and encourage responsible collaboration to minimize accidental data loss or modifications.

8. Advanced Techniques for Maximizing Asset Sharing and Collaboration

Take advantage of the following advanced techniques to further enhance asset sharing and collaboration in Amazon QuickSight:

  1. Cross-Folder Sharing: Enable users to share assets with other users or groups across multiple restricted folders, promoting collaboration between different teams or departments.

  2. Asset Versioning: Implement a version control system to track changes made to shared assets. This ensures transparency and enables users to revert to previous versions if needed.

  3. Fine-Grained Permission Control: Leverage asset-level permissions to grant more granular access to particular users or groups within a shared folder. This allows for better control of sensitive data.

  4. Scheduled Asset Refresh: Configure automatic data refresh for shared assets to provide up-to-date analytics to all users, reducing reliance on manual updates.

9. Optimization Techniques for Enhanced Performance in QuickSight

To ensure optimal performance in Amazon QuickSight, consider the following techniques:

  1. Data Source Optimization: Structure your data sources in a way that enhances query performance, such as indexing and partitioning.

  2. Visualization Design Best Practices: Follow best practices for visualization design to minimize render time and improve user experience.

  3. Caching and Pre-Aggregation: Utilize QuickSight caching and pre-aggregation capabilities to reduce query times and improve overall performance.

  4. Query Performance Monitoring: Monitor query performance and identify bottlenecks to optimize and fine-tune dashboards and visualizations.

10. Troubleshooting Common Issues in Shared Restricted Folders

In a collaborative environment like Amazon QuickSight, you may encounter occasional issues or errors. Here are some common problems and troubleshooting steps:

  1. User Permission Mismatch: Ensure that users have the required permissions to access shared restricted folders and assets. Double-check user assignments and verify if any recent changes were made.

  2. Data Source Connection Issues: Check data source connections and credentials to ensure they are correctly configured and accessible.

  3. Asset Deletion Accident: If an asset is accidentally deleted, administrators can often recover it from the trash or undo the deletion within a certain timeframe.

  4. Data Refresh Failures: Investigate data refresh failures by checking data source configurations, connectivity, or potential issues with the data itself.

11. Conclusion

Amazon QuickSight’s shared restricted folders and folder Contributor role provide a robust solution for controlled asset sharing and centralized management in a collaborative analytics environment. By implementing these features, organizations can ensure data integrity, streamline administration, and promote effective collaboration across teams. Understand the key concepts, follow best practices, and leverage advanced techniques to optimize asset sharing and maximize the benefits of Amazon QuickSight.