AWS QuickSight Connector

Amazon QuickSight is a data visualization service that creates interactive and shareable dashboards and reports from various data sources. 

OvalEdge uses SDK Driver to connect to the data source, which allows the user to crawl and build lineage. 

Note: QuickSight connects to the RDBMS database, retrieves the schema details, and displays them as reports in OvalEdge.

Connector Capabilities

The following is the list of objects and data types supported by the QuickSight connector.


Support Data Objects


  • Analysis
  • Dashboards
  • Sheets


  • Analysis
  • Dashboards
  • Lineage Sources: RDBMS schemas

Note: Profiling is not supported. 


The following are the prerequisites to establish a connection to QuickSight:

  1. SDK Details
  2. Service Account Permissions
  3. Configure environment variables (Optional)

SDK Details


Item List




SDK for JAVA 1.12.661 

Service Account Minimum Read Permissions 

The following are the minimum privileges required for a service account user.


Minimum Access Permission 

Connection Validation

The service account must have Read permission.

Configure Environment Variables (Optional)

This section describes the settings or instructions that you should be aware of before establishing a connection. If your environments have been configured, skip this step.

Configure Environment Names

The Environment Names allow you to select the environment configured for the specific connector from the dropdown list in the Add Connector pop-up window.

You might want to consider crawling the same schema in both stage and production environments for consistency.

The typical environments for crawling are PROD, STG, or Temporary, and may also include QA or other environments. Additionally, crawling a temporary environment can be useful for schema comparisons, which can later be deleted, especially during application upgrades.

Steps to Configure the Environment 

  1. Log into the OvalEdge application. 
  2. Navigate to AdministrationSystem Settings.
  3. Select the Connector tab.
  4. Find the key name “connector.environment”.   
  5. Enter the desired environment values (PROD, STG) in the Value column.
  6. Click ✔ to Save.

Establish a Connection

In the OvalEdge application, the QuickSight connector allows you to crawl the Dashboards and Sheets using IAM User Authentication and Role-Based Authentication.

  • IAM User Authentication: AWS Identity and Access Management(IAM) authentication is used to crawl objects and access permissions on the bucket and its objects. You can create and configure IAM user policies to control user access to Amazon QuickSight. An IAM user belongs to one particular user. Building a connection successfully requires a secret key and an access key. 
  • Role-Based Authentication: Amazon Resource Name(ARN) is a unique identification name for AWS resources such as Analysis, Dashboard, and Sheets. In AWS, roles are identified using ARN, and no Secret Key or Access Key is required. Resource ARNs can include a path. For example, in Amazon QuickSight, the resource identifier is an object name that can include slashes (/) to form a path. This will help access multiple applications within QuickSight. 

To connect to QuickSight using the OvalEdge application, complete the following steps:

  1. Log into the OvalEdge application.
  2. Navigate to Administration > Connectors module.
  3. Click on the "+” (New Connector) button enabled at the top right of the page.
  4. Add Connector pop-up window is displayed where you can search for the QuickSight connector.
  5. The Add Connector with Connector Type specific details pop-up window is displayed. Enter the relevant information to configure the QuickSight connection.

Field Name


Connector Type

The selected connection type, QuickSight, is displayed by default.

If required, the drop-down menu allows you to change the connector type; based on the selection of the connection type, the fields associated with the selected connection type are displayed.


The QuickSight connector allows you to crawl the Dashboards and Sheets using IAM User Authentication and Role-Based Authentication.

Credential Manager*

Select the option from the drop-down menu to indicate where you want to save your credentials:

OE Credential Manager: QuickSight’s on-premise connection is configured with the basic Username and Password of the service account in real-time when OvalEdge establishes a connection to the QuickSight database. If the OE Credential Manager option is selected, users need to add the credentials manually.

HashiCorp: The credentials are stored in the HashiCorp database server and fetched from HashiCorp to OvalEdge.

AWS Secrets Manager: The credentials are stored in the AWS Secrets Manager database server; OvalEdge fetches of the credentials from the AWS Secrets Manager.

Azure Key Vault: Azure Key Vault allows for secure storage and strict access mechanisms of sensitive information such as tokens, passwords, certificates, API keys, and other confidential data.

For more information on Azure Key Vault, refer to Azure Key Vault

For more information on Credential Manager, refer to Credential Manager

Credential Manager ConnId*

Enter Credential Manager ConnId.

The connection is validated based on the specific connection ID of the credential manager (Azure Key Vault, HashiCorp, and AWS Secrets Manager).

License Add-Ons

All of the connectors will have a Base Connector License by default, which allows you to crawl and profile to obtain metadata and statistical information from a data source. 

OvalEdge supports various License Add-Ons based on the connector’s functionality requirements:

  • Select the Auto Lineage Add-On license that enables the automatic construction of the Lineage of data objects for a connector with the Lineage feature.

Connector Name*

Select a Connection name for QuickSight. The name you specify is a reference name that makes it easy to identify QuickSight in OvalEdge.

Example: Customers

Connector Environment

The environment drop-down menu allows you to select the environment configured for the connector from the drop-down list (for example, PROD or STG).

The purpose of the environment field is to help users understand that the new connector is established in an environment that is available at the Production, STG, and QA levels.

Note: The steps to set up environment variables are explained in the prerequisite section above.

Role-Based Authentication-Specific Parameters

Cross Account Role ARN

A Cross Account Role ARN refers to an IAM role's Amazon Resource Name (ARN) that allows an AWS account to access resources (like QuickSight) in another AWS account. 

Enter the Cross Account Role ARN Name.

Example: CrossAccountquicksight

Database Region

The Region refers to the specific geographical location where your Amazon QuickSight resides. Specify the region to ensure the connector interacts with the correct QuickSight location.

Example: us-east-1

Filter by tags

Specify tags as filters to limit the scope of objects the connector will interact with.

Example: Dashboards

IAM User Authentication-Specific Parameters

Access key*

Enter a unique identifier that is part of the credential pair, like a username.

Secret key*

A secret, like a password, is used to sign requests to AWS.

Database Region

The Region refers to the specific geographical location where your Amazon QuickSight resides. Specify the region to ensure the connector interacts with the correct  QuickSight location.

Example: us-east-1

Filter by tags

Specify tags as filters to limit the scope of objects the connector will interact with.

Example: Dashboards

Account ID*

The Account ID refers to the unique identifier assigned to an AWS (Amazon Web Services) account. When setting up a connection to an Amazon QuickSight, the Account ID is used to identify the specific AWS account that owns the QuickSight you want to connect to.

Enter the 12-digit Account ID number that is unique to each AWS account.

Default Governance Roles*

The admin will select a specific user or team from the governance roles (Steward, Custodian, Owner, Governance Role 4, Governance Role 5, Governance Role 6) assigned to the data asset. 

The dropdown list displays all the configurable roles (single user or team) according to the configurations made in OvalEdge.

Admin Roles*

Select the required admin roles for this connector.

  • To add Integration Admin Roles, search for or select one or more roles from the Integration Admin options list and then click the Apply button.
    The Integration Admin is responsible for:
    • Configuring crawling and profiling settings for the connector
    • Deleting connectors, schemas, and/or data objects.
  • To add Security and Governance Admin roles, search for or select one or more roles from the Security and Governance Admin options list and then click on the Apply button.
    The security and Governance Admin is responsible for:
    • Configuring role permissions for the connector and its associated data objects.
    • Adding admins to set permissions for roles on the connector and its associated data objects.
    • Updating governance roles.
    • Creating custom fields.
    • Developing Service Request templates for the connector.
    • Creating Approval workflows for the templates.

No of Archive Objects*

The number of archive objects indicates the number of recent metadata modifications made to a dataset at a remote/source location. The archive objects feature is deactivated by default. However, users may enable it by clicking the Archive toggle button and specifying the number of objects they wish to archive. 

Select Bridge*

With the OvalEdge Bridge component, any cloud-hosted server can connect with any on-premise or public cloud data source without modifying firewall rules. A bridge provides real-time control that makes it easy to manage data movement between any source and destination. 

For more information, refer to Bridge Overview.

Important: * (asterisk) indicates the mandatory field to create a connection. 

After filling in all the connection details, select the appropriate button based on your preferences. 
    1. Validate: Click on the Validate button to verify the connection details. This ensures that the provided information is accurate and enables successful connection establishment.
    2. Save: Click on the Save button to store the connection details. Once saved, the connection will be added to the Connectors home page for easy access.
    3. Save & Configure: For certain Connectors that require additional configuration settings, click on the Save & Configure button. This will open the Connection Settings pop-up window, allowing you to configure the necessary settings before saving the connection.
Once the connection is validated and saved, it will be displayed on the Connectors home page.

Connection Validation Errors 


Error Message(s)




This alert message is displayed when the information entered in the required fields is incorrect.

Note: If you have any issues creating a connection, please contact your assigned OvalEdge Customer Success Management (CSM) team.

Connector Settings

Once the connection is validated successfully, various settings are provided to retrieve and display information from the data source.

To view the Connector Settings page,

  1. Go to the Connectors page.
  2. From the nine dots, select the Settings option.
  3. The Connector Settings page is displayed, where you can view all the connector setting options.
    Click Save Changes. All the settings will be applied to the metadata.

The following is a list of connection settings along with their corresponding descriptions:

Connection Settings



The crawler connects to a data source to access metadata stored in the data source. When OvalEdge connects to a data source, it collects and catalogs all the data elements (i.e., metadata) and stores them in the OvalEdge database. The Integration Admin can select several options to crawl the data source system. The crawler setting consists of Crawler Options and Crawler Rules.

Access Instruction

Access instruction refers to instructions or related information about a data source. Users can share this information in various forms, such as links, images, or videos, offering essential details about a specific connector. When the Integration Admin adds instructions for a particular connection in the Access Instruction settings page, the access instruction is displayed on the Data Catalog > Data Objects summary page after crawling is completed.

Business Glossary Settings

The Business Glossary setting provides flexibility and control over how users view and manage term associations within the context of a business glossary at the connector level. 


The lineage settings allow you to configure multiple dialects (by selecting Source Server Type for lineage) and connection priority lists to pick the tables to build lineage.


To receive notifications for changes in object metadata, configure the 'Send Metadata Changes Notifications' settings. Depending on the selections, Owners, Stewards, Custodians, and additional Governance Roles can receive notifications per the configuration.
The OvalEdge Browser Extension leverages the Context URL to associate OvalEdge with specific URL addresses, which enables the browser to recognize the site and fetch metadata results from the OvalEdge catalog even when the Browser Extension is used outside the OvalEdge application.

Crawling Report Group Names

A Crawl/Profile button allows you to select one or more  Report Group Names for crawling. 

  1. Navigate to the Connectors page and click Crawl/Profile. This allows you to select the Report Groups to be crawled.
  2. The Crawl option is selected by default. 
  3. Click the Run button to gather all metadata from the connected source and put it into the OvalEdge Data Catalog. After a successful crawl, all the information is displayed in the Data Catalog > Report / Report Column Tab.
    Note: For more information on Scheduling, refer to Scheduling Connector

Copyright © 2024, OvalEdge LLC, Peachtree Corners GA USA