Skip to main content

Managing roles

You can assign predefined security roles, or create custom ones.

There are four predefined roles:

  • Administrator
  • Developer
  • NewsStand User
  • User
You can associate one or more roles to a user. Creating new roles lets you customize authorization profiles for your reporting system. For example, you can make it so certain users can only view the reports of a particular app.

You can give a role the rights to do specific actions on an entity type, but you cannot set rights to a single entity. For example, you can design a role that gives the right to view all reports related to a particular app. You cannot give a role rights to view only some of the reports available in an app.

Risks related to import task permissions

Warning: You can grant security roles permission to view, create, edit, delete, and run import tasks. Import tasks let you create and edit Qlik NPrinting users, including adding administrative roles to the .xlsx import file. This means that users with permission to edit import tasks can grant administrative roles to themselves and other users. Import task run permission is not required to run import tasks, because edit privileges let you create and enable import task triggers.

A user with permission to read import files can retrieve administrative credentials if present in the file. A user with edit rights can alter the result of the next import task execution that uses the .xlsx file.

Creating a new role

Do the following:

  1. Click Admin in the main menu.
  2. Select Security roles from the drop-down list.
  3. Click Create role.

  4. Enter a Name for the new role.

  5. Enter an Description (optional).
  6. Leave the Enabled check box selected.

    If you deselect the flag, the role will be saved, but ignored by the Qlik NPrinting Engine.

  7. Under Actions > Apps, select an app from the Available items list.
  8. Move the selected app to the Selected items list.

    A role must have at least one associated app. You can also check All apps to authorize users with the assigned role to use all available apps.

Setting app permissions

You can set different permissions related to apps, connections, filters, reports, publishing tasks, published reports, and destinations. The permissions are applied only to the added apps. It is possible to create very specific actions for a single app.

Under Actions > Apps:

  • Apps: users can View, Edit, or Delete the associated apps.
  • Connections: users can View, Edit, Create, or Delete connections to the selected apps. Reload metadata allows users to run a cache refresh. We recommend enabling this option for developers.
  • Filters: users can View, Edit, Create, or Delete filters in selected apps.
  • Conditions: users can View, Edit, Create, or Delete conditions.

  • Reports: users can View, Edit, Create, Delete, Preview, Edit template or Subscribe
  • Publish tasks: users can View, Edit, Create, Delete, or Run now.
  • Published reports: users can access reports in NewsStand. Users can Preview, or Download a published report.
  • Destination: users can View, Edit, Create, or Delete destinations related to apps.
  • On-Demand reports: users can Create On-Demand reports

Setting user profile permissions

You can allow roles to perform the following actions on user profiles.

Under Actions > Users:

  • Users: View, Edit, Create, or Delete user profiles.
  • Groups: View, Edit, Create, or Delete groups.

Setting administrator permissions

You can allow roles to perform the following Admin actions.

Under Actions > Admin:

  • Security: users can View, Edit, Create, or Delete security related entities.
  • Settings: users can View or Edit settings.
  • Engines: users can View, Edit, Create,or Delete engines.
  • Import tasks: users can View, Edit, Create, or Delete import tasks. Select Run Now to give users the ability to import tasks without waiting for the next scheduled execution.
  • Task executions: users can View or Abort tasks.
  • On-Demand requests: users can View, Abort, or Delete requests.

When finished, save the role in the repository by clicking Create.

Copying roles

If you are making a new role that is very similar to an existing role, you can save time by copying the original. For example, you may want to make a new role that is similar to the Developer role, but has some rights exceptions.

Do the following:

  1. Click Admin in the main menu.
  2. Select Security roles from the drop-down list.
  3. Click the Actions gear icon next to the role you want to clone.
  4. Click Copy in the drop-down list.
  5. A new form will open. The copied role can be edited the same as a new role, described above.

When you finish, save the role in the repository by clicking Create.

Adding roles to user profiles

You can add or remove user roles at any time. To set permissions for the user, you must first create a role, and then associate it with the user.

Do the following:

  1. Click Admin in the main menu.
  2. Select Users from the drop-down list.
  3. Click on the user name in the list.
  4. Move it to the Selected items list.
  5. Confirm and save to the repository by clicking on the Update user roles button.