User Default settings and custom roles control permissions for users and administrators. User Default defines a baseline for all users, while custom roles allow more specific permissions for selected users or groups. The table below lists all available settings, with additional details in the sections that follow.
Information noteThis topic is applicable to Qlik Sense Enterprise SaaS, Qlik Sense Business, and Qlik Cloud Government. If you have a subscription for the Standard, Premium, or Enterprise edition of Qlik Cloud Analytics or Qlik Talend Data Integration, see Managing users - Capacity-based subscriptions.
Understanding User Default permissions
The User Default permissions act as a tenant-wide baseline profile, applying a standard set of permissions to all users in the tenant by default. Administrators can modify the User Default settings to remove certain permissions for everyone, effectively restricting broad access.
Understanding custom roles
To grant more specific or elevated permissions, custom roles are used. These roles allow administrators to selectively assign permissions to individual users or groups, overriding the restrictions set by the User Default role. This approach provides a granular and controlled way to manage access—first by limiting general permissions through the User Default role, and then by granting necessary access only to selected users or groups via custom roles.
Permission hierarchy
Default permissions and custom roles, along with built-in security roles, control user and administrator access at the tenant level. Additionally, space roles control user actions on content within specific spaces. For more information about the different types of roles, see Roles and permissions for users and administrators.
Permission settings
The following sections list the permissions available in the User Default or custom role settings.
For custom roles, you will also have the option to inherit the User Default permission, shown as "User default (permission setting)"—for example, "User default (Not allowed)". This means that the setting in the custom role will match whatever the default is set to.
The "Not allowed" option is only available for the User Default settings because custom roles can’t remove permissions that are already allowed by default.
Permission settings — Content types
The Content types section contains permissions to take action on different content types. These are user permissions.
Permission settings — Content types section
Subsection
Permission
Options
Applications
Share applications via fine-grained access control
Allowed: Space owners and users with the Can manage role can share individual applications with users or groups without adding them to the space.
Not allowed: Users can only share the entire space, not individual apps.
Applications
In-app content download
No data: Users can only download images and PDFs. Data downloads are not permitted.
Allowed: Users can download all types of app content.
Not allowed: App content downloads are not permitted.
Automations
Automations
Allowed: Users have access to shared automations.
Not allowed: Users can only access personal automations if they are assigned the Automation creator role. Admins can set User Default to not allowed and create custom roles to provide access to shared automations to a group of users.
Data content
Data connections
Allowed: Users can list, create, view, update, and delete data connections. Users can also read data from, and store data to, these connections.
Read: Users can view data connections, select and load data from connections, and store data to data connections.
Not allowed: Users cannot create, view, update, or delete data connections. Users also cannot read data from, or store data to, these connections.
Allowed: Users can generate AI-based validation rules for datasets, and descriptions for any resources.
Not allowed: Users cannot generate AI-based validation rules, descriptions or suggestions.
Data quality
Compute data quality
Read: Users can view the results of the data quality computation.
Allowed: Users can compute data quality and view the results.
Not allowed: Users cannot compute data quality.
Data quality
Configure Qlik Trust Score™
Allowed: Users can configure the Qlik Trust Score™ dimensions at the tenant level, view the score and its history.
Not allowed: Users cannot configure, or view the Qlik Trust Score™.
Developer
Manage API keys
Allowed: Users can create, view, update, and delete their own API keys in their personal settings.
Not allowed: Users cannot create or manage API keys.
Natural language query
Structured data
Allowed: Users can access Insight Advisor in all forms within Qlik Cloud. In other words, users can access Insight Advisor and Insight Advisor Chat from activity centers and apps.
Not allowed: Users cannot access Insight Advisor with in Qlik Cloud. In other words, users cannot access Insight Advisor or Insight Advisor Chat from activity centers or apps.
Natural language query
Insight Advisor in Microsoft Teams
Allowed: Users can access Insight Advisor Chat from Microsoft Teams.
Not allowed: Users cannot access Insight Advisor Chat from Microsoft Teams.
Space management
Request access to content
Allowed: Users can request access to content through the standard Qlik process.
Not allowed: Users cannot request access. You can customize the message shown when they try to access content to guide them to your organization's process.
Allowed: Users can access and manage all data products without space restrictions.
Not allowed: Users cannot manage data products.
Data quality
Administer AI-based descriptions and suggestions
Allowed: Users can manage tenant settings for generating AI-based descriptions for any resources and any validation rule suggestions for datasets. They can access and manage AI generations without space restrictions.
Not allowed: Users cannot manage AI generation settings.
Data quality
Administer semantic types
Allowed: Users can access and manage all semantic types.
Not allowed: Users cannot manage semantic types.
Data quality
Administer validation rules
Allowed: Users can access and manage all validation rules without space restrictions.
Not allowed: Users cannot manage validation rules.
The value assigned to a user for the In-app content download permission can impact their access to other Qlik Cloud features. The following sections breaks down the difference between each of the available options.
No data
The following apply for the No data option:
Provides full access to Insight Advisor Chat when it is accessed through Qlik Cloud or an external collaboration platform (for example, Microsoft Teams).
Allowed
The following apply for the Allowed option:
Provides full access to Insight Advisor Chat when it is accessed through Qlik Cloud or an external collaboration platform (for example, Microsoft Teams).
Not allowed
The following apply for the Not allowed option:
The user will not see static charts in Insight Advisor Chat. The user will also not be able to see any visualizations when using Insight Advisor Chat through a collaboration platform (for example, Microsoft Teams). All other Insight Advisor Chat capabilities, such as natural language insights, will be available.
Notes
Notes let you quickly add text commentary to an app or chart. They can also contain snapshots of data. You can keep them private or share them with other users.
Anonymous access is a way to make analytics content from Qlik Sense available to users who are not members of a Qlik Cloud tenant. When an app is made available using anonymous access, visualizations and sheets from the app can be embedded into external web pages, and all sheets can also be made available directly for exploration by external users.
This functionality is only available with a Qlik Anonymous Access subscription. For more information, see Qlik Anonymous Access subscriptions.
