Setting permissions for metered reporting features

Tenant administrators configure permissions to control whether users have full, partial, or no access to the value-add capabilities of the Qlik Reporting Service. If a user is granted access to the functionality, their access to reporting resources — apps with report tasks, reporting automations, and so on — is further managed by built-in security roles assigned by administrators, as well as their roles in the associated spaces.

What are metered reporting features?

Metered reporting features are the value-add capabilities of the Qlik Reporting Service, which are available within Qlik Cloud subscriptions. They are:

In-app reporting, including on-demand reporting
Reporting with Qlik Automate
Usage of the Qlik Reporting Service API for metered operations. This excludes using the API for other functionality, such as subscriptions and downloads of app content.

About the Generate all reports permission

The Generate all reports permission controls whether a user has full, partial, or no access to the value-add capabilities of the Qlik Reporting Service. The Generate all reports permission is used in conjunction with space roles and built-in security roles to control user access to reporting functionality. See Other permission interactions.

The Generate all reports permission does not control user access to subscriptions. You can turn subscriptions off for the entire tenant in the Administration activity center, in the Settings section. See Toggling availability of subscriptions.

The Generate all reports permission is configured in the baseline permissions that apply to all users in the tenant (User Default), as well as custom security roles. To learn how to assign permissions via the User Default and custom roles, see:

Roles and permissions for users and administrators (capacity-based subscriptions)
Roles and permissions for users and administrators (user-based subscriptions)

For a list of available permissions in the User Default and custom roles, see:

Permissions in User Default and custom roles (capacity-based subscriptions)
Permissions in User Default and custom roles (user-based subscriptions)

Options for the Generate all reports permission are described below.

Allowed

Users can configure and generate all types of reports available with value-add capabilities of the Qlik Reporting Service. This includes:

In-app reporting, including on-demand reporting. This includes:
- Viewing and using the Reporting section in analytics apps.
- Generating on-demand reports in analytics apps.
Reporting with Qlik Automate.
Usage of the Qlik Reporting Service API for metered operations.

On-demand reports

Users can only configure and generate reports using on-demand reporting and the Qlik Reporting Service API. They are blocked from:

Viewing and using the Reporting section in analytics apps.
Executing automations that use the Qlik Reporting Service.

Not allowed

Users cannot work with any value-add capabilities of the Qlik Reporting Service.

In other words, these users are blocked from:

Viewing and using the Reporting section in analytics apps.
Executing automations that use the Qlik Reporting Service.

Effect on tenant administrators

The access controls provided by the Generate all reports permission also apply to tenant administrators. In other words, to use a metered reporting feature, a tenant administrator also needs the appropriate Generate all reports permission level. Tenant administrators can administer user report tasks and subscriptions in the Subscriptions section of the Administration activity center without any Generate all reports permissions.

Use cases

Administrators can use the Generate all reports permission to achieve granular access control based on different user scenarios. The following workflow can be used:

Set the user default permission level to On-demand reports. This allows all users to generate on-demand reports while analyzing apps, but restricts access to report development features.
For report developers, raise the permission level to Allowed by creating a custom role and assign it to these users. This gives these users full access to report development features.
For most reporting features, space roles provide an additional layer of control to specific content. Access to specific content — in particular, apps used for reporting — can be managed both by users and administrators.

Other permission interactions

Built-in security roles

The Private Analytics Content Creator role is a built-in security role. This role is assigned by tenant administrators. Users working with reporting in their personal spaces will need this role. See:

Assigning security roles and custom roles (capacity-based subscriptions)
Assigning security roles and custom roles (user-based subscriptions)

Space roles

In addition to permissions in the User Default and custom roles, user access to reporting is further controlled by the user's role in the space containing the analytics content. See Space permissions for in-app reporting and Space permissions for reporting with Qlik Automate.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!

Leave your feedback here