Managing roles
You can assign predefined security roles, or create custom ones.
There are four predefined roles:
- Administrator
- Developer
- NewsStand User
- User
You can give a role the rights to do specific actions on an entity type, but you cannot set rights to a single entity. For example, you can design a role that gives the right to view all reports related to a particular app. You cannot give a role rights to view only some of the reports available in an app.
The Administrator, Developer, and NewsStand User roles are system roles and have default permissions that cannot be changed. They are enabled automatically and cannot be disabled.
The User security role can be edited or used as a template for custom roles. By default, this role contains minimal permissions and is not enabled. You can enable it by going to Admin > Security roles.
Risks related to import task permissions
A user with permission to read import files can retrieve administrative credentials if present in the file. A user with edit rights can alter the result of the next import task execution that uses the .xlsx file.
Creating a new role
Do the following:
- Click Admin in the main menu.
- Select Security roles from the drop-down list.
-
Click Create role.
-
Enter a Name for the new role.
- Enter an Description (optional).
-
Leave the Enabled check box selected.
If you deselect the flag, the role will be saved, but ignored by the Qlik NPrinting Engine.
- Under Actions > Apps, select an app from the Available items list.
-
Move the selected app to the Selected items list.
A role must have at least one associated app. You can also check All apps to authorize users with the assigned role to use all available apps.
Setting app permissions
You can set different permissions related to apps, connections, filters, reports, publishing tasks, published reports, and destinations. The permissions are applied only to the added apps. It is possible to create very specific actions for a single app.
Under Actions > Apps:
- Apps: users can View, Edit, or Delete the associated apps.
- Connections: users can View, Edit, Create, or Delete connections to the selected apps. Reload metadata allows users to run a cache refresh. We recommend enabling this option for developers.
- Filters: users can View, Edit, Create, or Delete filters in selected apps.
-
Conditions: users can View, Edit, Create, or Delete conditions.
- Reports: users can View, Edit, Create, Delete, Preview, Edit template or Subscribe
- Publish tasks: users can View, Edit, Create, Delete, or Run now.
- Published reports: users can access reports in NewsStand. Users can Preview, or Download a published report.
- Destination: users can View, Edit, Create, or Delete destinations related to apps.
-
On-Demand reports: users can Create On-Demand reports
Setting user profile permissions
You can allow roles to perform the following actions on user profiles.
Under Actions > Users:
- Users: View, Edit, Create, or Delete user profiles.
- Groups: View, Edit, Create, or Delete groups.
Setting administrator permissions
You can allow roles to perform the following Admin actions.
Under Actions > Admin:
- Security: users can View, Edit, Create, or Delete security related entities.
- Settings: users can View or Edit settings.
- Engines: users can View, Edit, Create,or Delete engines.
- Import tasks: users can View, Edit, Create, or Delete import tasks. Select Run Now to give users the ability to import tasks without waiting for the next scheduled execution.
- Task executions: users can View or Abort tasks.
- On-Demand requests: users can View, Abort, or Delete requests.
- Audit: users can Export audit trail logs.
When finished, save the role in the repository by clicking Create.
Copying roles
If you are making a new role that is very similar to an existing role, you can save time by copying the original. For example, you may want to make a new role that is similar to the Developer role, but has some rights exceptions.
Do the following:
- Click Admin in the main menu.
- Select Security roles from the drop-down list.
- Click the Actions gear icon next to the role you want to clone.
- Click Copy in the drop-down list.
- A new form will open. The copied role can be edited the same as a new role, described above.
When you finish, save the role in the repository by clicking Create.
Adding roles to user profiles
You can add or remove user roles at any time. To set permissions for the user, you must first create a role, and then associate it with the user.
Do the following:
- Click Admin in the main menu.
- Select Users from the drop-down list.
- Click on the user name in the list.
- Move it to the Selected items list.
- Confirm and save to the repository by clicking on the Update user roles button.