Who can work with Qlik AutoML
User access to AutoML resources and functionality is determined by the following controls:
- User entitlement
- Assignment of specific security roles
- Permissions assigned via the User Default or custom roles
- Access to the space where the resources are located
See the sections below for details about each requirement.
User entitlement
For access to most Qlik AutoML capabilities, you need Professional or Full User entitlement in the tenant.
Users with Analyzer entitlement can:
- Run predictions from ML deployments when using a Qlik Sense app. This action can occur when a script or visualization uses a data connection to Qlik AutoML (for example, the Qlik AutoML connector or a custom API connection).
- Act as administrator model approvers. That is, with sufficient permissions, they can access a limited version of the Administration activity center and use it to activate or deactivate any model in the tenant. See Permissions assigned via User Default and custom roles.
AutoML security roles
Tenant administrators and the service account owner can work together to control which users in the tenant can use Qlik AutoML. This control is achieved by assignment of global user roles.
Each role defines specific access controls, depending on the actions the user will typically be performing. The following user roles are available:
- Automl Experiment Contributor
- Automl Deployment Contributor
A user with the Automl Experiment Contributor role typically creates and manages ML experiments. They can also view ML deployments and create new deployments from experiments.
A user with the Automl Deployment Contributor role typically works with ML deployments. They can create and manage ML deployments, and configure and run predictions from those deployments. A user with this role can also view ML experiments.
A user can have both roles at the same time. Users without either role cannot view or access AutoML resources.
For more information, see Permissions granted by security roles (user-based subscriptions) or Permissions granted by security roles (capacity-based subscriptions).
Permissions assigned via User Default and custom roles
After a model is first deployed into an ML deployment, it needs to be activated by a model approver before it can be used to create predictions. Model approvers can be users or administrators. Tenant administrators can also activate and deactivate any model in the tenant.
Tenant administrators are responsible for assigning specific permissions to users and administrators to allow them to activate and deactivate models. Depending on where the approver will be activating and deactivating models, the tenant admin must configure permissions via the User Default role, custom roles, or both.
Approval method | Where approval is performed | Required permissions |
---|---|---|
User | ML deployment | All of the following: |
Administrator | Administration activity center | One of the following: |
For more information about configuring these permissions, see:
- Roles and permissions for users and administrators (user-based subscriptions)
- Roles and permissions for users and administrators (capacity-based subscriptions)
Spaces
Experiments, ML deployments, and prediction datasets are stored in the catalog. Filter by type or use the collections to find them easily.
In addition to the AutoML security roles, permissions for working with AutoML are further governed by the spaces where the resources are located.
Personal space
You can create experiments and ML deployments in your personal space with the applicable security roles.
To generate predictions and save them in your personal space, you need both the relevant AutoML security roles and the Private Analytics Content Creator role.
Shared and managed spaces
To work with AutoML resources in a shared or managed space, you need the applicable AutoML security roles, as well as sufficient permissions in the space. For more information about what is required for each space type, see:
Administering experiments and ML deployments
Administering from Analytics or Insights activity centers
In the Analytics or Insights activity centers, tenant and analytics administrators can perform the following actions without any additional permissions:
- View all experiments and ML deployments in the space
- Delete experiments and ML deployments (only a tenant administrator can delete these assets from another user's personal space)
For other actions, the administrator could require specific permissions, such as:
- Space roles
- Permissions assigned via User Default and custom roles
Administering from the Administration activity center
From the Administration activity center, tenant and analytics administrators, and users with specific permissions, can administer AutoML.
For more information and specific permissions for each administrator, see Administering Qlik AutoML and Working with model approval as an administrator.