A user role is a collection of specific permissions that apply to all users who have that role. When a user has more than one role, they are granted the permissions from each role. Permissions define what a user can see and do in Qlik Sense.
Permissions in the Management Console
Admin users with access to the Users section of the Management Console can access the Permissions tab. This view shows the user role assignments that are available in the tenant, the description of each user role, and the type of user role. From the Permissions tab of the Users section, click , the at the end of an assignment row to see all users who are assigned this role.
The Users tab lists the users that have been assigned this role. Here, you can select users from the list to assign and unassign this role to users.
The Groups tab lists the groups that have been assigned this role. Groups are defined through your identity provider. They are not created from the Management Console. Here, you can select groups from the list to assign and unassign this role to groups. When you assign a user role to a group, every member of that group is granted the permissions defined by that user role.
If a user is added to the tenant individually, and they are included in a group through the identity provider, it is possible that user is assigned the same role twice: once from their user assignment and once from their group assignment. To remove a user assignment for such a user, you must unassign the role from both the Users and Groups tab.
Permissions that make up user roles
Users with this role are full tenant administrators and have very few limitations in what they can do in the tenant, with the exception of creating API keys, which requires a developer role. A tenant administrator manages all aspects of the tenant, which includes assigning user roles to other users. A tenant admin can also assign and delete their own user roles.
Tenant administrators are the only administrators who can make edits in other users' personal space. They can do the following:
Apps: list, open, delete, and export (download).
Data connections: list, edit, delete, and open for app reload.
They can also open (read) data files for app reload.
Anyone who is provided with the tenant admin role may be provided with access to:
Information (which may include personal information) relating to all users in the tenant to which the tenant admin role is assigned; and
The subject (which is a unique string used to identify the user that is provided to Qlik Cloud by the configured Identity Provider) for users of other tenants which share the same Qlik license or subscription as the tenant on which the tenant admin role is assigned.
Users with this role are administrators with limited permissions to manage only some areas of Governance and Content. In the Management Console, they can access only the areas for which they have permissions. The table below lists all of the permissions that are granted with this role.
Information noteIf the app is not published, the analytics administrator can also export the app, change the space of the app, and change the owner of the app.
|Shared apps||List, Delete|
|Managed apps||List, Delete|
|Generic links||List, Create, Update, Delete|
|Data sets||List, Update, Delete|
|Data assets||List, Update, Delete|
|Private data files||Create, Read, Update|
|REST data files||List, Delete|
|Data connections||List, Delete|
|Shared spaces||Create, Read, Delete, Update|
|Managed spaces||Create, Read, Delete, Update|
|Extensions||Create, Read, Delete, Update|
|Automations||Enable, Disable, Delete, Change Owner|
|Themes||Create, Read, Delete, Update|
|Sharing service task||Create, Read, Delete, Update|
Users who are assigned this role, in addition to the Developer role, can access app feedback and usage information captured as part of the Natural Language API. An audit administrator can view a variety of usage metrics for Insight Advisor and Insight Advisor Chat. This API enables evaluation of patterns in user interactions with apps, including feedback provided for analyses generated by Insight Advisor and Insight Advisor Chat. This information can be used to improve user experience through adjustments to the app, either within the data or in the app's business logic.
This API only returns app information from shared and managed spaces. An audit administrator does not have access to usage metrics data for personal spaces.
To view the usage metrics of an app, an audit administrator also requires one of the following permissions in the space in which the app is located:
Has restricted view
For more information about how Insight Advisor user interaction data can be used to improve app usability, see Using feedback and usage metrics to improve app usability. For specifics about the Natural Language API, see Natural language.
For a tutorial on using the Natural Language API, see Collect and share Insight Advisor feedback.
|Filter action of the Natural Language API||Read|
Users with this role are administrators with limited permissions for data spaces and data resources within those spaces. The table below lists all of the permissions that are granted with this role. In the Management Console, they can access only the areas for which they have permissions.
|Private data integration apps||
List, Read, Delete, Change owner
|Shared data integration apps||List, Create, Read, Update, Delete, Operate, Change owner|
|Private data sets||List, Read|
|Data integration data sets||List, Create, Read, Update, Delete|
|Private data assets||List, Read|
|Data integration data asset||List, Create, Read, Update, Delete|
|Private resource connection||List, Read|
|Data integration resource connection||List, Create, Read, Update, Delete|
|Private data store||List, Read|
|Data integration data store||List, Create, Read, Update, Delete|
|Data integration space||Create, Read, Update, Delete|
Space creator roles
Users with one of the space creator roles have the permission to create a space of that type from the hub. The table below lists all of the permissions that are granted with this role.
|Resources||Shared Space Creator||Managed Space Creator||Create Data Integration Spaces|
|Data integration spaces||Create|