Skip to main content Skip to complementary content
Qlik Resources
Announcements

Assigning user roles

User roles provide a set of tenant-level permissions to users, beyond the general permissions granted by the user allocations. User roles let you grant a user a specific role or function in the tenant. Only a tenant administrator can assign roles to users, and this can only be done from the Management Console. User roles are optional and do not need to be assigned to any or all users. For users who have no user role, their permissions are based on their user allocation.

Information note See Assigning user allocations to learn about the different types of user allocation, and see Managing permissions in managed spaces and Managing permissions in shared spaces to learn about space-level permissions. For more information, see Trust and Security at Qlik.

User roles in the Management Console

Admin users with access to the Users section of the Management Console can access the All Users tab. This view shows a list of users that have been added or invited to the tenant. Click The UI icon showing three dots TO activate or deactivate the user, to assign and edit user roles, and to revoke mobile access if it has been granted.

View of users section on Management console

What is a user role

A user role is a set of permissions that are granted to a user in addition to the permissions granted to them with their user allocation. User roles are divided into administrator roles and user roles. Users with administrator roles are granted some administrative permissions. Users with user roles have permissions to create specific types of resources. By assigning user roles to users, you can better organize your users and what they can do in the tenant.

You can assign the following roles:

User roles
User role Type Permissions Access granted with user role
Tenant Admin Administrator An administrator with full permissions to manage and administer all aspects of the tenant. See Tenant administrator. Access to Management Console from Launcher
Analytics Admin Administrator An administrator with limited permissions to manage only some areas of governance and content. See Analytics administrator. Access to Management Console from Launcher
Audit Admin Administrator An administrator with limited permissions, including access to events and data from the Natural Language API (Developer role also needed). Access to Management Console from Launcher
Data Admin Administrator Administrator with limited permissions to manage only data spaces. See Data administrator. Access to Management Console from Launcher
Shared Space Creator User A user who can create shared spaces. Create space option under Add new button in hub
Managed Space Creator User A user who can create managed spaces. Create space option under Add new button in hub
Data Space Creator User A user who can create data spaces. Create space option under Add new button in hub
Developer User A user who can generate API keys. API Keys option under User Profile menu
Information noteBy default, all users with a professional user allocation can create shared spaces. The tenant administrator can turn off this setting in the Management Console. Go to Settings > Entitlements, then toggle off the Professional entitlements can create shared spaces option. All users who obtain the SharedSpaceCreator role as a result of the Professional entitlements can create shared spaces option being turned on retain that role until an admin user manually removes the role.

How user roles interact with user allocation

Users who join the tenant are assigned a user allocation, either professional or analyzer. See Assigning user allocations for more information. User allocations divide users into content consumers and content creators. The user allocation also determines which areas of the tenant are visible to a user.

  • Analyzer users are strictly content consumers, as a result, the Add New button is hidden from their view.

  • Professional users are both content consumers and content creators, which means they have access to the Add New button. This lets them create new resources like apps and spaces.

However, user roles provide additional permissions beyond user allocation permissions. For example, an analyzer user who is assigned a space creator role will gain access to the Add New button to create a space.

Information noteWhen designing your permission structure, provide professional user allocation to any user who will be assigned a specific user role.

How user roles interact with the data integration subscription

The data integration subscription gives you access to the data integration home, and roles specifically designed for data admins and data spaces.

Assigning user roles

User roles are assigned to users in the Management Console, and only users that have a Tenant Admin role can assign user roles.

Do the following:

  1. In the Management Console, go to the Users section.
  2. Either:
    1. Click the Three dots button on the user row.
    2. Check the box beside the user.
  3. Click Edit roles.
  4. On the User tab, select the user roles you want to assign.
  5. On the Admin tab, select the user roles you want to assign.
  6. Click Save.
Information note If the user is logged in when they are assigned a user role, they must log out and log in again for the user role to be applied.