Assigning security roles and custom roles

Security roles and custom roles provide a set of tenant-level permissions to users and administrators. As a tenant administrator, you can assign roles manually from the Administration activity center or set up automatic role assignment.

This topic is applicable to the Standard, Premium, and Enterprise editions of Qlik Cloud Analytics and Qlik Talend Data Integration. If you have a Qlik Sense Enterprise SaaS, Qlik Sense Business, or Qlik Cloud Government subscription, see Managing users - User-based subscriptions.

Security roles control actions and access rights for users and administrators in the tenant. In addition to the tenant-level roles, there are also space roles that control user actions on content within spaces. For more information about the different types of roles, see Roles and permissions for users and administrators.

You can assign roles to individual users or groups of users from the Administration activity center.

If users are logged in when they are assigned a role, they must log out and log in again for the role to be applied.

Assigning security roles and custom roles to users

Tenant administrators can assign security roles from the All users tab or the Permissions tab and custom roles from the Permissions tab on the Manage users pane in the Administration activity center.

Assigning a role from the All users tab

The All users tab shows a list of users who have been added or invited to the tenant. You can select one or more users to see all roles assigned to them.

Do the following:

In the Administration activity center, go to Manage users > All users.
Select one or more users and click Manage roles.
In the Manage roles dialog, select the roles you want to assign from the tabs for user and admin roles.
Click Save.

The users will be assigned the role at their next login.

In the Manage roles dialog, icons indicate if a role is already assigned to a user through:

Group assignment: The role is assigned to a group that the user is a member of. Hover over the icon to view a tooltip showing the groups.

Role assigned to a user through group membership.
Auto-assign: The role is automatically assigned to all users in the tenant.

Role automatically assigned to all users in the tenant.

Assigning a role from the Permissions tab

On the Permissions tab, you see all available security roles and custom roles. You can select a role to see all users assigned to this role.

Do the following:

In the Administration activity center, go to Manage users > Permissions.
Click the arrow on the role you want to assign.

Assigning a role from the Users tab.
On the Users tab, click Assign.
Search for users by name or email and add them to the list.
Click Assign.

The users will be assigned the role at their next login.

Assigning security roles and custom roles to groups

Groups are defined through your identity provider or created from the Administration activity center. Tenant administrators can assign security roles and custom roles to groups from the Permissions tab on the Manage users pane in the Administration activity center. When you assign a role to a group, every member of that group is granted the permissions defined by the role.

Do the following:

In the Administration activity center, go to Manage users > Permissions.
Click the arrow on the role you want to assign.

Assigning a role from the Groups tab.
On the Groups tab, click Assign.
Search for groups by name and add them to the list.
Click Assign.

The group members will be assigned the role at their next login.

If users have roles assigned both individually and through group memberships, they might end up with duplicate role assignments. To remove a role from users, ensure that you unassign it from both the Permissions > Users tab and the Permissions > Groups tab.

Assigning security roles and custom roles to everyone in the tenant

Tenant administrators can assign security roles and custom roles to all users in the tenant from the Auto assign column on the Permissions tab in the Administration activity center. A role assigned to a user this way is removed from the user if you set the value in the column to Off.

If your license includes both Full Users and Basic users, assigning a role to everyone will promote all users in the tenant to Full Users. The exception is the Embedded Analytics User role, which does not trigger this promotion.

Do the following:

In the Administration activity center, go to Manage users > Permissions.
Find the role you want to assign to everyone and select Anyone at <your tenant name> in the Auto assign column.

Assigning a role to everyone with the Auto assign option.

All users will be assigned the role at their next login.

For new tenants, the following roles are automatically assigned to all users by default:

Automation Creator
Data Services Contributor
Steward
Private Analytics Content Creator
Shared Space Creator
Automl Experiment Contributor
Automl Deployment Contributor

Additionally, the following roles are automatically assigned through toggles in the Settings > Entitlements section of the Administration activity center:

Shared Space Creator
Private Analytics Content Creator
Data Services Contributor

These toggles differ from the Auto assign option in the following ways:

Auto assign option:
- The role is assigned while the option is on and removed when turned off.
- Applies to all users, which means that enabling this option will promote all Basic Users to Full Users.
Settings > Entitlements toggle:
- The role remains assigned until manually removed, even if the toggle is turned off.
- Applies to users with Full User entitlement only.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here