# Organizing assets into folders for Amazon Quick Sight Organizing assets into folders | | | --- | |  Applies to: Enterprise Edition  | In Quick Enterprise edition, your team members can create personal and shared folders to add hierarchical structure to Quick Sight asset management. Using folders, people can more easily organize, navigate through, and discover dashboards, analyses, datasets, data sources, and topics. Within a folder, you can still use your usual tools to search for assets or to add assets to your favorites list. You can use the following types of folders with Quick Sight: + Personal folders to organize work for yourself. Personal folders are visible only to the person who owns them. You can't transfer ownership of personal folders to anyone else. + Shared folders: + **Shared folders** organize work and simplify sharing among multiple people. To create and manage shared folders, you need to be a Quick Sight administrator. + **Shared restricted folders** are a type of shared folder in Quick Sight that ensure that assets remain in the shared folder. Assets that are created from assets that exist within a shared restricted folder must also stay in the restricted folder. Assets that are located in restricted folders can't be moved or shared outside of the restricted folder. For example, if you create a dataset that uses a data source that's located in a shared restricted folder, the new dataset can't be moved outside of that shared restricted folder. Assets that are located in a restricted folder can be moved within the restricted folder tree into one or more subfolders. Subfolders of restricted folders behave like restricted folders, but dependent assets can exist in different subfolders under the same root restricted folder. The root restricted folder acts as a boundary that all assets in all subfolders can exist in as long as they remain within the root folder tree. For example, a dataset that is located in one subfolder can use a data source that is located either another subfolder in the same folder tree or in the root folder. Any supported asset type can be created in a root folder or in any of its subfolders. Users can have different roles in different subfolders. Subfolder permissions are inherited from the parent folders of that subfolder. Restricted folders can only be created with the Quick Sight [https://aws.amazon.com/quicksight/latest/APIReference/API_CreateFolder.html](https://aws.amazon.com/quicksight/latest/APIReference/API_CreateFolder.html) API operation. + Users that are viewers on a folder and have the Author or Admin role in Quick can view all asset types that are in the folder. Users that are viewers on a folder and have the Reader role in Quick can only see dashboards and stories that are in the folder. All shared folders are visible to people who have access to them. Use the following topics to learn more about creating and configuring a folder or subfolder in Quick Sight. **Topics** + [ # Considerations for Quick Sight folders ](folders-limitations.md) + [ # Overview of Quick Sight folders ](folders-functionality.md) + [ # Permissions for Quick Sight shared folders ](folders-security.md) + [ # Create and manage membership permissions for Quick Sight shared folders ](sharing-folders.md) + [ # Creating Quick Sight scaled folders with the Quick Sight APIs ](folders-scaled.md) # Considerations for Quick Sight folders Considerations Before you get started creating and modifying folders in Amazon Quick Sight, review the following limitations that apply to Quick Sight folders. + You can't share folders in your AWS account with people in other AWS accounts. + For people who have Quick reader permissions, the following limitations apply: + Readers can't own a personal or shared folder. + Readers can't create or manage folders or folder content. + Readers can't have the *contributor* access level. + In shared folders, readers can only see dashboard assets. In addition, these limitations apply specifically to shared folders: + The name of a shared folder (at the top level of the tree) must be unique in your AWS account. + In a single folder, multiple assets can't have the same name. For example, in your top-level folder, you can't create two subfolders with the same name. In the same folder, you can't add two assets with the same name, even if they have different asset IDs. The path to each asset behaves like an Amazon S3 key name. It must be unique in your AWS account. + Restricted shared folders can only be created with the Quick Sight CLI. See [Overview of Quick Sight folders](folders-functionality.md) to learn more about the different types of folder available in Amazon Quick Sight. # Overview of Quick Sight folders In Quick Sight, you can create personal and shared folders. You can also favorite your personal or shared folders for quick access by choosing the favorite ( ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/favorite-icon.png)) icon next to it. You can do the following with personal folders: + Create subfolders. + Add assets to your folder, including analyses, dashboards, datasets, and data sources. To add assets to a personal folder, you must already have access to the assets. Multiple assets can have the same name. **Shared folders (unrestricted)** Quick administrators can perform the following tasks with shared folders. + Create or delete a shared folder and subfolders inside of it. You can move either of these around within the top-level folder. + Add or remove owners, contributors, and viewers. When you make a person an *owner* of the folder, you give them ownership of every asset in the folder. For more information, see [Permissions for Quick Sight shared folders](folders-security.md). The following table summarizes the actions that a Quick user can take when working with unrestricted shared folders based on their role. **** | Action | Owner | Contributor | Viewer | | --- | --- | --- | --- | | Share an asset in a folder with users that don't have access to the folder | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Modify folder permissions | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Create assets in the folder | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Modify assets in the folder | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Delete assets in the folder | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Add an existing asset to a folder | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Remove an asset from a shared folder | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | View assets in the folder | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | | Create downstream assets outside of the shared folder that use assets that are located in the shared folder | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes\$1 | | Create downstream assets in the folder that use assets that are located outside of the folder | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Create subfolders | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Delete subfolders | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Manage subfolder permissons | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Add existing assets to subfolders | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Create new assets in subfolders | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Delete assets in subfolders | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | \$1The user must be assigned an admin or author role to create assets. **Restricted shared folders** Restricted shared folders provide an additional security boundary that restricts the sharing of data outside of the folder. Administrators with the appropriate IAM permissions can perform the following tasks with restricted shared folders. + Restricted folders can be created using the `CreateFolder` API operation. For more information about the `CreatFolder` API operation, see [CreateFolder](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_CreateFolder.html). + The contributor role is assigned to users that can create and edit assets within the restricted folders. Contributors can't manage the permissions of the folder or of the assets that are in the restricted folder. + Administrators can assign folder contributor and viewer permissions to users with the `UpdateFolderPermissions` API operation. For more information about the `UpdateFolderPermissions` API operation, see [UpdateFolderPermissions](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_UpdateFolderPermissions.html). The following table summarizes the actions that a Quick Sight user can take when working with restricted shared folders based on their role. **** | Action | Contributor | Viewer | | --- | --- | --- | | Share an asset in a folder with users that don't have access to the folder | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Modify folder permissions | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Create assets in the folder | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Modify assets in the folder | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Delete assets from the folder | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Add an existing asset to a folder | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Remove an asset from a shared folder | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | View assets in the folder | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | | Create downstream assets outside of the shared folder that use assets that are located in the shared folder | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Create downstream assets in the folder that use assets that are located outside of the folder | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Create subfolders | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Delete subfolders | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Manage subfolder permissions | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Add existing assets to subfolders | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Create new assets in subfolders | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | | Delete assets from subfolders | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/success_icon.svg) Yes | ![\[alt text not found\]](http://docs.aws.amazon.com/quick/latest/userguide/images/negative_icon.svg) No | The owner role is not supported for restricted shared folders. After you choose which folder type best fits your use case, see [Permissions for Quick Sight shared folders](folders-security.md) and [Create and manage membership permissions for Quick Sight shared folders](sharing-folders.md) to create folders and set up folder permissions. # Permissions for Quick Sight shared folders Permissions Shared folders have three permission levels. To set folder-level permissions for a user or group, see [Create and manage membership permissions for Quick Sight shared folders](sharing-folders.md). + **Owners** - The folder *owner* owns everything (folders, analyses, dashboards, datasets, data sources, topics) inside of the folder. They can create, edit, and delete the assets in the folder, modify permissions on the folder and its assets, and delete the folder entirely. The owner role is not supported for restricted shared folders. + **Contributors** - A *contributor* can create, edit, and delete assets in a folder just like an owner. They can't delete the folder or modify permissions on the folder or on assets where they have contributor access that they inherited from the folder. + **Viewers** - A *viewer* can only view the assets (folders, dashboards, datasets, data sources, topics) in the folder. A viewer can't edit or share those assets. The following rules also apply to security for shared folders: + Quick readers' sharing status for a folder gets shared with the folder. However, a reader gets only read access to folders, and only dashboard access to visuals. + AWS security is enforced on every object within a folder. The folder applies the same type of security to the assets of whoever the folder is shared with according to their access level (admin, author, or reader). + The *top-level folder* is the root folder of any subfolders. When a subfolder is shared at any level, the person whom the folder was shared with sees the root folder in the top-level folders view. + The folder permission is the permission on the current folder, combined with permissions of all the folders leading to the root folder. + A *shared asset* inherits its permission from the folder. A shared asset is created when an asset that belongs to the folder owner is added to a shared folder. + If you own an unrestricted shared folder, you can transfer ownership of the folder to another Quick admin. + The owner role is not supported for restricted folders. The contributor role is assigned to authors that create and edit assets within the restricted folders. Folder contributors can't manage the permissions of the restricted folder or its assets. + The correct IAM permissions are required to update the permissions of a restricted shared folder with the `UpdateFolderPermissions` API. To create and manage permissions of a shared folder, see [Create and manage membership permissions for Quick Sight shared folders](sharing-folders.md). # Create and manage membership permissions for Quick Sight shared folders Create a shared folder **Shared folders (unrestricted)** To create a shared folder and to share the folder with one or more groups in the Quick console, you must be an Amazon QuickSight administrator. You can also create a shared folder with the `CreateFolder` API operation. Use the following procedure to share or modify the membership permissions of a shared folder. 1. From the left navigation, choose **Folders** then **Shared Folders**. Find the folder that you want to share or manage permissions for. 1. To open the actions menu for that folder's row, choose the ellipsis (three dots). 1. Choose **Share**. 1. In the **Share folder** modal, add the groups and users with whom you want to share the contents of the folder. 1. For each user and group that you add, choose a permission level from the **Permissions** menu in that row. 1. To update the permission type for an existing user, choose **Manage folder access**. 1. When you're done setting user and group permissions for the folder, choose **Share**. Users are not notified that they now have access to the folder. **Restricted shared folders** Restricted shared folders can only be created with the `CreateFolder` API operation. The following example creates a restricted shared folder. ``` aws quicksight create-folder \ --aws-account-id AWSACCOUNTID \ --region us-east-1 \ --folder-id example-folder-name \ --folder-type RESTRICTED \ --name "Example Folder" \ ``` After you create a restricted shared folder, assign folder contributor and viewer permissions with a `UpdateFolderPermissions` API call. The following example updates the permissions of a restricted shared folder to grant contributor permissions to a user. ``` aws quicksight update-folder-permissions \ --aws-account-id AWSACCOUNTID \ --region us-east-1 \ --folder-id example-folder-name \ --grant-permissions Principal=arn:aws:quicksight::us-east- 1::AWSACCOUNTID:user/default/:username,Actions=quicksight:CreateFolder ,quicksight:DescribeFolder, \ quicksight:CreateFolderMembership,quicksight:DeleteFolderMembership,qu icksight:DescribeFolderPermissions \ ``` The permissions that you pass to the user depend on the type of folder role that you want to grant them. Use the following lists to determine which permissions are needed for the user that you want to grant folder access to. **Folder owner** + quicksight:CreateFolder + quicksight:DescribeFolder + quicksight:UpdateFolder + quicksight:DeleteFolder + quicksight:CreateFolderMembership + quicksight:DeleteFolderMembership + quicksight:DescribeFolderPermissions + quicksight:UpdateFolderPermissions **Folder contributor** + quicksight:CreateFolder + quicksight:DescribeFolder + quicksight:CreateFolderMembership + quicksight:DeleteFolderMembership + quicksight:DescribeFolderPermissions **Folder viewer** + quicksight:DescribeFolder After you create a shared folder, you can begin using the folder in Quick Sight. You can also use the Quick Sight APIs to create special scaled folders that can be shared with up to 3000 namespaces. To learn more about creating a scaled folder, see [Creating Quick Sight scaled folders with the Quick Sight APIs](folders-scaled.md). # Creating Quick Sight scaled folders with the Quick Sight APIs Creating scaled folders with the Quick Sight APIs You can use the Amazon Quick Sight APIs to create special scaled folders that can be shared with up to 3000 namespaces. Each namespace that is added to a folder can contain up to 100 principals. A *principal* is a user or a group of users. After you create a scaled folder and add the principals that you want, any QuickSight asset can be added to the folder. It can then be shared to every principal in the namespaces that the folder principals are assigned to. This streamlines the process to share Quick Sight assets with thousands of users. Scaled folders can only be created with the Quick Sight APIs. When you create a scaled folder, you can share the folder with up to 100 principals that are in the same namespace. You can add principals that belong to a different namespace with an `UpdateFolderPermissions` API call. After the folder is created, you can add and remove assets from the folder with the Quick Sight APIs or the Quick console. Each Amazon Quick Sight account holds up 100 scaled folders. You can add up to 100 assets to a scaled folder. If you want to share a scaled folder with more than 3000 namespaces, contact [AWS support](https://aws.amazon.com/contact-us/). ## Examples The following examples show how to create a scaled folder with the Quick Sight APIs. **Prerequisites** Before you begin, verify that you have an AWS Identity and Access Management role that grants the API user access to call the Quick Sight API operations. The following example shows an IAM policy that you can add to an existing IAM role to create, delete, or modify a scaled folder. With the sample policy, users can add dashboards, analyses, and datasets to a scaled folder. ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "quicksight:CreateFolder", "quicksight:CreateFolderMembership", "quicksight:DeleteFolderMembership", "quicksight:DeleteFolder", "quicksight:DescribeFolderPermissions", "quicksight:DescribeFolderResolvedPermissions", "quicksight:UpdateFolderPermissions", "quicksight:UpdateDashboardPermissions", "quicksight:UpdateAnalysisPermissions", "quicksight:UpdateDataSetPermissions" ], "Resource": "*" } ] } ``` ------ The following example creates a scaled folder. ``` aws quicksight create-folder \ --aws-account-id "AWSACCOUNTID" \ --region "us-east-1" \ --name "eastcoast-users" \ --sharing-model "NAMESPACE" \ --folder-id "eastcoast-users" ``` After you create a scaled folder, share the folder with a principal in your account. You can only grant or revoke permissions to users and groups that are within the same namespace in each API call. The following example shares a scaled folder with a user in the same account that the folder exists in. ``` aws quicksight update-folder-permissions \ --aws-account-id "AWSACCOUNTID" \ --region "us-east-1" \ --folder-id "eastcoast-users" \ --grant-permissions \ '[ {"Actions": ["quicksight:DescribeFolder", "quicksight:UpdateFolder", "quicksight:DeleteFolder", "quicksight:DescribeFolderPermissions", "quicksight:UpdateFolderPermissions", "quicksight:CreateFolderMembership", "quicksight:DeleteFolderMembership", "quicksight:CreateFolder" ], "Principal":"arn:aws:quicksight:us-east-1:AWSACCOUNTID:user/default/my-user" } ]' ``` After you share the folder with a new principal, validate the new folder permissions with a `describe-folder-permissions` API call. ``` aws quicksight describe-folder-permissions \ --aws-account-id "AWSACCOUNTID" \ --region "us-east-1" \ --folder-id "eastcoast-users" \ --namespace "default" ``` After you validate the new folder permissions, create a subfolder within the scaled folder. The subfolder inherits the permissions of the scaled folder that it's created in. ``` aws quicksight create-folder \ --aws-account-id "AWSACCOUNTID" \ --region "us-east-1" \ --name "new-york-users" \ --sharing-model "NAMESPACE" \ --folder-id "new-york-users" \ --parent-folder-arn "arn:aws:quicksight:us-east-1:AWSACCOUNTID:folder/eastcoast-users" ``` The following example validates the inherited permissions of the new subfolder. ``` aws quicksight describe-folder-resolved-permissions \ --aws-account-id "AWSACCOUNTID" \ --region "us-east-1" \ --folder-id "new-york-users" \ --namespace "default" ``` After you validate the permissions of the subfolder, add the Quick Sight asset that you want to share to the folder. After you add the asset to the subfolder, the asset is shared with every principal that the subfolder is shared with. The following example adds a dashboard to a subfolder. ``` aws quicksight create-folder-membership \ --aws-account-id "AWSACCOUNTID" \ --folder-id "new-york-users" \ --member-id "my-dashboard" \ --member-type "DASHBOARD" \ --region "us-east-1" ```