Roles and permissions
This topic explains how user roles affect the availability of console elements as well as which roles are required in order to perform Enterprise Manager operations.
Availability of console elements according to role
In the Enterprise Manager Console, you see menu items and buttons based on your particular security role. For example:
- The Servers view is available to all roles, but Designers only have read access to user permissions, and operators cannot add servers and can only view the different settings, but not edit them. Viewers do not see the options to view logs, edit settings, add, edit, or delete a server, register a license, or start/stop monitoring.
- The Server dialog box is available to Admins, Designers, and Operators. Operators can test the connection, but they cannot edit any fields. Viewers do not have access to this dialog box.
- In the Tasks view, Operators see the Open, Run, and Stop options, but Viewers only see Open option. Operators can search and assign tags, but they cannot add new tags or delete tags.
- In the dedicated Task tab, Operators see all available options (Run, Stop, Reload, Resume, Reset data errors, and so on) as well as the Monitor tab, but they do not see the Designer tab. Viewers only see the Monitor tab. They do not have access to any actions.
- In the Message Center, Viewers do not see the option to view logs.
Roles required for Enterprise Manager operations
The following table lists which user role is required to perform the available Enterprise Manager operations.
Some of the task operations are not available/relevant for Qlik Compose tasks. To find out if a particular permission applies to Qlik Compose, refer to the Help topic explaining how to perform the associated operation.
Permissions defined in Enterprise Manager take precedence over the permissions required for performing the correspondng operation directly in Replicate or in Qlik Compose.
| Permission/Operation | Admin | Designer | Operator | Viewer |
|---|---|---|---|---|
|
Servers view |
Yes |
Read-Only |
Read-Only |
Read-Only |
|
Add and delete server |
Yes |
No |
No |
No |
|
View server connection properties |
Yes |
Yes |
Yes |
No |
|
Edit server connection properties |
Yes |
Read-Only |
Read-Only |
No |
|
Test server connection |
Yes |
Yes |
Yes |
No |
|
Edit column settings in the server list, search for servers, and access the context menu for a specific server. |
Yes |
Yes |
Yes |
Yes |
| Permission/Operation | Admin | Designer | Operator | Viewer |
|---|---|---|---|---|
|
Access Design view (Replicate only) |
Yes |
Yes |
No |
No |
|
Access Monitor view (Replicate only) |
Yes |
Yes |
Yes |
Yes |
|
Add and design tasks |
Yes |
Yes |
No |
No |
|
Add and edit endpoints |
Yes |
Yes |
No |
No |
|
Import Task When a task with the same name already exists on the target server. |
Yes |
Yes* (see note below) |
No |
No |
|
Import Task When a task with the same name does not exist on the target server. |
Yes |
Yes* (see note below) |
No |
No |
|
Export task without endpoints |
Yes |
Yes |
Yes |
No |
|
Export task with endpoints |
Yes |
Yes |
Yes* (see note below) |
No |
For both of the Import Task permissions mentioned above, if the the exported JSON includes endpoints, then the Enterprise Manager user must also have the role of Designer on All Endpoints on the target server.
For the 'Export Task with endpoints' permissions mentioned above, the Enterprise Manager user must have the role of Operator on the task as well as on both endpoints.
| Permission/Operation | Admin | Designer | Operator | Viewer |
|---|---|---|---|---|
|
Set logging levels, set log file cleanup/rollover, and edit Message Center settings |
Yes |
Yes |
Read-Only |
No |
|
Edit user permissions |
Yes |
Read-Only |
Read-Only |
No |
|
View logs |
Yes |
Yes |
Yes |
No |
|
Perform runtime operations (such as start, stop, or reload targets) |
Yes |
Yes |
Yes |
No |
|
Delete tasks |
Yes |
Yes |
No |
No |
|
Search for and assign tags |
Yes |
Yes |
Yes |
No |
|
Add and delete tags |
Yes |
Yes |
No |
No |
|
Perform Tools menu actions (in Monitor view) |
Yes |
Yes |
Yes Note: The Operator must be for a specific task. |
No |
|
Access Message Center |
Yes |
Yes |
Yes |
Yes |
|
Register license |
Yes |
No |
No |
No |
|
View licenses |
Yes |
Yes |
Yes |
No |
|
View the Enterprise Manager machine name in the Licenses tab |
Yes |
Yes |
Yes |
No |
|
Hide the main Analytics tab |
Yes |
Yes |
No |
No |
|
View license alerts |
Yes |
Yes |
Yes |
Yes |