Skip to main content
Qlik Resources
Announcements

Granular access control

For each user, Qlik Compose lets you set granular access permissions for different hierarchy levels in the system and for different objects at the same hierarchy level. This granular access control facilitates the decentralization of control, effectively preventing the same user from, for example, designing the model and managing the mappings. As such, granular access control lets you create a buffer between those who can create and design models and those who can create and run the mappings.

Qlik Compose handles permission management as follows:

  • Admins can add, remove, and change permissions.
  • Designers and Operators can view permissions.
  • Viewers cannot view permissions.

By default, each object inherits its permissions from its parent.

User permissions can be assigned to individual Data Warehouse projects as well as across all projects. The following hierarchy is in place, whereby:

  • Compose User Permissions are applied globally. Changes to Compose permissions will affect any level that inherits those permissions. At Compose root level, users must have at least Viewer permissions.

    Information note

    Only Admin users at the Compose level can perform logging actions, such as, changing the logging level and rolling over logs.

  • All Projects User Permissions apply to all projects. When inheritance is enabled (the default), permissions will be inherited from the “Compose” root level.
    • Information note

    A user that is assigned All Projects User Permissions but not Compose User Permissions is not authorized to log in to Compose.

  • Project User Permissions apply to a specific project. When inheritance is enabled (the default), permissions will be inherited from the “All Projects” level.

    Information note

    Supported with Data Warehouse projects only.

  • Model User Permissions apply to the model unless overridden at any of the lower levels. When inheritance is enabled (the default), permissions will be inherited from the “Project” level.

    Information note
    • Not applicable to Data Lake projects
    • If user permissions are other than None at the Project level, in the Model level the user must have at least Viewer permissions.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here