Skip to main content Skip to complementary content
Qlik Resources

Assigning security roles

Security roles provide a set of tenant-level permissions to users and administrators. As a tenant administrator, you can assign roles manually from the Management Console or set up automatic role assignment.

Information noteThis topic is applicable to the Standard, Premium, and Enterprise editions of Qlik Cloud Analytics and Qlik Cloud Data Integration. If you have a Qlik Sense Enterprise SaaS, Qlik Sense Business, or Qlik Cloud Government subscription, see Managing users - User-based subscriptions.

Security roles control actions and access rights for users and administrators in the tenant. In addition to the tenant-level roles, there are also space roles that control user actions on content within spaces. For more information about space roles, see Managing permissions in shared spaces, Managing permissions in managed spaces, and Data space roles and permissions.

You can assign roles to individual users or groups of users from the Management Console.

Assigning security roles to users

The Users section in the Management Console has two tabs. Tenant administrators can assign security roles from the All users tab or from the Permissions tab.

Information note If the user is logged in when they are assigned a security role, they must log out and log in again for the role to be applied.

The All users tab shows a list of users who have been added or invited to the tenant. You can select one or more users to see all roles assigned to them.

Do the following:

  1. In the Management Console, go to Users > All users.

  2. Select one or more users and click Edit roles.

  3. In the Edit roles dialog, select the roles you want to assign on the User tab or Admin tab.

  4. Click Save.

On the Permissions tab, you see all available security roles. You can select a role to see all users assigned to this role.

Do the following:

  1. In the Management Console, go to Users > Permissions.

  2. Click the arrow Arrow down on the security role you want to assign.

  3. On the Users tab, click Assign.

  4. Search for users by name or email and add them to the list.

  5. Click Assign.

Assigning security roles to groups

Groups are defined through your identity provider and not created from the Management Console. Tenant administrators can assign security roles to groups from the Permissions tab in the Management Console. When you assign a role to a group, every member of that group is granted the permissions defined by the role.

Information note If the user is logged in when they are assigned a security role, they must log out and log in again for the role to be applied.

Do the following:

  1. In the Management Console, go to Users > Permissions.

  2. Click the arrow Arrow down on the security role you want to assign.

  3. On the Groups tab, click Assign.

  4. Search for groups by name and add them to the list.

  5. Click Assign.

Information noteIf you add users to the tenant individually and they are included in a group through the identity provider, it is possible that user is assigned the same role twice: once from their user assignment and once from their group assignment. To remove a user assignment for such a user, you must unassign the role from both the Users tab and the Groups tab.

Assigning security roles to everyone in the tenant

Tenant administrators can assign security roles to all users in the tenant from the Auto assign column on the Permissions tab in the Management Console. A role assigned to a user this way is removed from the user if you set the value in the column to Off.

Information noteIf your license includes both Full Users and Basic users, assigning a security role to everyone will promote all users in the tenant to Full Users. The exception is the Embedded Analytics User role, which does not trigger this promotion.

Do the following:

  1. In the Management Console, go to Users > Permissions.

  2. Find the security role you want to assign to everyone and select Anyone at <your_tenant_name> in the Auto assign column.

    All users will now be assigned the role the next time they log in.

For new tenants, the following roles are automatically assigned to all users by default:

  • Automation Creator

  • Data Services Contributor

  • Steward

  • Private Analytics Content Creator

  • Shared Space Creator

What is a security role

A security role is a set of permissions that are granted to a user. Security roles are divided into administrator roles and user roles. Security roles are divided into administrator roles and user roles. Administrator roles enable management of tenant-wide functions that affect governance, performance, and security. User roles enable actions on resources, such as editing apps or opening data files. By assigning roles to users, you can better organize your users and what they can do in the tenant.

You can assign the following security roles. For more information about the permissions granted with each role, see Permissions granted by security roles.

Security roles
Role Type Permissions Access granted with role
Tenant Admin Administrator An administrator with full permissions to manage and administer all aspects of the tenant. Access to Management Console from the launcher menu
Analytics Admin Administrator An administrator with limited permissions to manage only some areas of governance and content. Access to Management Console from the launcher menu
Audit Admin Administrator An administrator with limited permissions, including access to events and data from the Natural Language API (Developer role also needed). Access to Management Console from the launcher menu
Data Admin Administrator Administrator with limited permissions to manage only data spaces. Access to Management Console from the launcher menu
Developer User A user who can generate API keys. API keys option on the user profile menu
Data Space Creator User A user who can create data spaces. Create space option under the Add new button in hub
Managed Space Creator User A user who can create managed spaces. Create space option under the Add new button in hub
Shared Space Creator User A user who can create shared spaces. Create space option under the Add new button in hub
Data Services Contributor User A user who has access to Data Integration services Access to Data Integration from the launcher menu
Private Analytics Content Creator User A user who can create private analytics content. Personal space option in the Space list when adding new content
Automation Creator User A user who can create private automations. New automation option under the Add new button in the hub.
Collaboration Platform User User A user who can communicate with Qlik Cloud through external collaboration platforms. Can add external environments and use these environments to communicate with their Qlik Cloud apps.
Steward User A user who can create, update, and delete a glossary, and approve, edit, and delete terms. Create glossary option under the Add new button in hub.
Embedded Analytics User User

A user who can only access Qlik Sense apps directly in embedded use cases, blocking access to the hub and other interfaces.

 This role restricts access to all other parts of Qlik Cloud.

How security roles interact with the Data Integration subscription

The Data Integration subscription gives you access to the Data Integration home and to security roles specifically designed for data admins and data spaces.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here