Skip to main content Skip to complementary content

Who can work with Qlik AutoML

User access to AutoML resources and functionality is determined by the following controls:

  • User entitlement

  • Assignment of specific security roles

  • Permissions assigned via the User Default or custom roles

  • Access to the space where the resources are located

See the sections below for details about each requirement.

User entitlement

For access to most Qlik AutoML capabilities, you need Professional or Full User entitlement in the tenant.

Users with Analyzer entitlement can:

  • Run predictions from ML deployments when using a Qlik Sense app. This action can occur when a script or visualization uses a data connection to Qlik AutoML (for example, the Qlik AutoML connector or a custom API connection).

  • Act as administrator model approvers. That is, with sufficient permissions, they can access a limited version of the Administration activity center and use it to activate or deactivate any model in the tenant. See Permissions assigned via User Default and custom roles.

AutoML security roles

Tenant administrators and the service account owner can work together to control which users in the tenant can use Qlik AutoML. This control is achieved by assignment of global user roles.

Each role defines specific access controls, depending on the actions the user will typically be performing. The following user roles are available:

  • Automl Experiment Contributor

  • Automl Deployment Contributor

A user with the Automl Experiment Contributor role typically creates and manages ML experiments. They can also view ML deployments and create new deployments from experiments.

A user with the Automl Deployment Contributor role typically works with ML deployments. They can create and manage ML deployments, and configure and run predictions from those deployments. A user with this role can also view ML experiments.

A user can have both roles at the same time. Users without either role cannot view or access AutoML resources.

For more information, see Permissions granted by security roles (user-based subscriptions) or Permissions granted by security roles (capacity-based subscriptions).

Permissions assigned via User Default and custom roles

After a model is first deployed into an ML deployment, it needs to be activated by a model approver before it can be used to create predictions. Model approvers can be users or administrators. Tenant administrators can also activate and deactivate any model in the tenant.

Tenant administrators are responsible for assigning specific permissions to users and administrators to allow them to activate and deactivate models. Depending on where the approver will be activating and deactivating models, the tenant admin must configure permissions via the User Default role, custom roles, or both.

Model approval methods and required permissions
Approval method Where approval is performed Required permissions
User ML deployment

All of the following:

  • Automl Deployment Contributor security role

  • Applicable space role (if deployment is in shared or managed space)

  • The Approve or reject your AutoML models permission set to Allowed in one of the following:

    • User Default role (affects all users)

    • Custom role (only affects users with the custom role)

Administrator Administration activity center

One of the following:

  • Tenant Admin security role

  • Custom role with the Approve or reject AutoML models administrator permission set to Allowed

For more information about configuring these permissions, see:

Spaces

Experiments, ML deployments, and prediction datasets are stored in the catalog. Filter by type or use the collections to find them easily.

In addition to the AutoML security roles, permissions for working with AutoML are further governed by the spaces where the resources are located.

Personal space

You can create experiments and ML deployments in your personal space with the applicable security roles.

To generate predictions and save them in your personal space, you need both the relevant AutoML security roles and the Private Analytics Content Creator role.

Shared and managed spaces

To work with AutoML resources in a shared or managed space, you need the applicable AutoML security roles, as well as sufficient permissions in the space. For more information about what is required for each space type, see:

Administering experiments and ML deployments

Administering from Analytics or Insights activity centers

In the Analytics or Insights activity centers, tenant and analytics administrators can perform the following actions without any additional permissions:

  • View all experiments and ML deployments in the space

  • Delete experiments and ML deployments (only tenant administrator can delete these assets from another user's personal space)

For other actions, the administrator could require specific permissions, such as:

  • Space roles

  • Permissions assigned via User Default and custom roles

Administering from the Administration activity center

From the Administration activity center, tenant and analytics administrators, and users with specific permissions, can administer AutoML.

For more information and specific permissions for each administrator, see Administering Qlik AutoML and Working with model approval as an administrator.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!