Skip to main content Skip to complementary content
Qlik Resources

Assigning security roles and custom roles

Security roles and custom roles provide a set of tenant level permissions to users and administrators, beyond the general permissions granted by the user entitlements. These roles are optional. For users who have not been assigned any roles, their permissions are based on their user entitlement.

Information noteThis topic is applicable to Qlik Sense Enterprise SaaS, Qlik Sense Business, and Qlik Cloud Government. If you have a subscription for the Standard, Premium, or Enterprise edition of Qlik Cloud Analytics or Qlik Cloud Data Integration, see Managing users - Capacity-based subscriptions.

Security roles control actions and access rights for users and administrators in the tenant. In addition to the tenant-level roles, there are also space roles that control user actions on content within spaces. For more information about the different types of roles, see Roles and permissions for users and administrators.

You can assign roles to individual users or groups of users from the Management Console.

Information note If users are logged in when they are assigned a role, they must log out and log in again for the role to be applied.

Assigning security roles and custom roles to users

The Users section in the Management Console has two tabs. Tenant administrators can assign security roles from the All users tab or the Permissions tab and custom roles from the Permissions tab.

The All users tab shows a list of users who have been added or invited to the tenant. You can select one or more users to see all roles assigned to them.

Do the following:

  1. In the Management Console, go to Users > All users.

  2. Select one or more users and click Edit roles.

  3. In the Edit roles dialog, select the security roles you want to assign on the User tab or Admin tab.

  4. Click Save.

    The users will be assigned the role at their next login.

On the Permissions tab, you see all available security roles and custom roles. You can select a role to see all users assigned to this role.

Do the following:

  1. In the Management Console, go to Users > Permissions.

  2. Click the arrow Arrow down on the role you want to assign.

  3. On the Users tab, click Assign.

  4. Search for users by name or email and add them to the list.

  5. Click Assign.

    The users will be assigned the role at their next login.

Assigning security roles and custom roles to groups

Groups are defined through your identity provider and not created from the Management Console. Tenant administrators can assign security roles and custom roles to groups from the Permissions tab in the Management Console. When you assign a role to a group, every member of that group is granted the permissions defined by the role.

Do the following:

  1. In the Management Console, go to Users > Permissions.

  2. Click the arrow Arrow down on the role you want to assign.

  3. On the Groups tab, click Assign.

  4. Search for groups by name and add them to the list.

  5. Click Assign.

    The group members will be assigned the role at their next login.

Information noteIf you add users to the tenant individually and they are included in a group through the identity provider, it is possible that the user is assigned the same role twice: once from their user assignment and once from their group assignment. To remove a user assignment for such a user, you must unassign the role from both the Permissions > Users and Groups tabs.

Assigning security roles and custom roles to everyone in the tenant

Tenant administrators can assign security roles and custom roles to all users in the tenant from the Auto assign column on the Permissions tab in the Management Console. A role assigned to a user this way is removed from the user if you set the value in the column to Off.

Do the following:

  1. In the Management Console, go to Users > Permissions.

  2. Find the role you want to assign to everyone and select Anyone at <your tenant name> in the Auto assign column.

    All users will be assigned the role at their next login.

For new tenants, the following roles are automatically assigned to all users by default:

  • Automation Creator

  • Data Services Contributor

  • Steward

  • Private Analytics Content Creator

  • Shared Space Creator

  • Automl Experiment Contributor

  • Automl Deployment Contributor

The Settings pane in the Management Console also has toggles for automatically assigning certain roles (Shared Space Creator, Private Analytics Content Creator, and Data Services Contributor). Those toggles are slightly different from the Auto assign option:

  • A role assigned to a user by the Auto assign option on the Users > Permissions tab is kept only as long as the toggle is turned on. The role will be removed from the user as soon as the toggle is turned off. The role is assigned to users with Professional and Analyzer entitlement.

  • A role assigned to a user by the toggle under Settings is kept until manually removed from the user—even if the toggle is turned off. The role is only assigned to users with Professional entitlement.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here