Roles

Download AsyncAPI spec

Role created

Published when a role is created. Permission lists are not included in the payload due to payload size limits, but assigned scopes for custom roles will be included.

Payload

object
  • idstring
    Required

    Identifies the event.

    minLength = 1

  • timestring

    Timestamp of when the occurrence happened. Must adhere to RFC 3339.

    minLength = 1, format = "date-time"

  • typestring
    Required

    Unique identifier for the event type.

    default = "com.qlik.v1.role.created"

  • sourcestring
    Required

    Identifies the context in which an event happened.

    minLength = 1, format = "uri-reference", default = "com.qlik/identities"

  • specversionstring
    Required

    The version of the CloudEvents specification which the event uses.

    minLength = 1

  • datacontenttypestring

    Content type of the data value. Must adhere to RFC 2046 format.

    minLength = 1

  • useridstring

    Unique identifier for the user triggering the event.

  • tenantidstring
    Required

    Unique identifier for the tenant related to the event.

  • dataobject

    Represents a role entity.

    Show data properties
    • idstring
      Required

      Unique identifier for the role.

      format = "uid"

    • namestring
      Required

      Name of the role.

    • typestring

      Indicates whether role is system/default or custom.

      Can be one of: "default""custom"

    • levelstring
      Required

      Indicates whether it is a user or admin-level role.

    • canEditboolean

      Indicates whether role can be edited by users or not.

    • fullUserbooleanDeprecated

      DEPRECATED. Use userEntitlementType instead for impact of roles on user entitlements with a capacity-based subscription.

    • tenantIdstring
      Required

      Unique identifier for the tenant associated with the given role.

      format = "uid"

    • canDeleteboolean

      Indicates whether role can be deleted by users or not.

    • createdAtstring

      Timestamp when the role was created.

      format = "date-time"

    • createdBystring

      Unique identifier for the user who created the role. Could be Mongo OID or an old ID format in the case of legacy users.

    • updatedBystring

      Unique identifier for the user who last updated the role. Could be Mongo OID or an old ID format in the case of legacy users.

    • descriptionstring

      A helpful description of the role.

    • lastUpdatedAtstring
      Required

      Timestamp when the role was last updated.

      format = "date-time"

    • assignedScopesarray of strings

      Selection of scopes added to this role.

    • userEntitlementTypestring

      Indicates whether this role will trigger promotion of a user from a basic to a full user on tenants with a capacity-based subscription. Does not apply to tenants with a user-based subscription.

com.qlik.v1.role.created

Example payload of the "Role created" event

{
  "id": "A234-1234-1234",
  "time": "2026-03-22T10:01:02Z",
  "type": "com.qlik.v1.role.created",
  "source": "com.qlik/identities",
  "specversion": "1.0",
  "datacontenttype": "application/json",
  "userid": "VZhiEfgW2bLd7HgR-jjzAh6VnicipweT",
  "tenantid": "VZhiEfgW2bLd7HgR-jjzAh6VnicipweT",
  "data": {
    "id": "507f191e810c19729de860ea",
    "name": "TenantAdmin",
    "type": "default",
    "level": "admin",
    "canEdit": false,
    "fullUser": true,
    "tenantId": "VZhiEfgW2bLd7HgR-jjzAh6VnicipweT",
    "canDelete": false,
    "createdAt": "2021-03-22T10:01:02Z",
    "createdBy": "6228c560543c200449c13255",
    "updatedBy": "6228c560543c200449c13255",
    "description": "Administrator role for the tenant",
    "lastUpdatedAt": "2026-03-22T10:01:02Z",
    "assignedScopes": [
      "scope.read",
      "scope.update"
    ],
    "userEntitlementType": "full"
  }
}

Role deleted

Published when a role is deleted.

Payload

object
  • idstring
    Required

    Identifies the event.

    minLength = 1

  • timestring

    Timestamp of when the occurrence happened. Must adhere to RFC 3339.

    minLength = 1, format = "date-time"

  • typestring
    Required

    Unique identifier for the event type.

    default = "com.qlik.v1.role.deleted"

  • sourcestring
    Required

    Identifies the context in which an event happened.

    minLength = 1, format = "uri-reference", default = "com.qlik/identities"

  • specversionstring
    Required

    The version of the CloudEvents specification which the event uses.

    minLength = 1

  • datacontenttypestring

    Content type of the data value. Must adhere to RFC 2046 format.

    minLength = 1

  • useridstring

    Unique identifier for the user triggering the event.

  • tenantidstring
    Required

    Unique identifier for the tenant related to the event.

  • dataobject

    Represents a role entity.

    Show data properties
    • idstring
      Required

      Unique identifier for the role.

      format = "uid"

    • namestring
      Required

      Name of the role.

    • typestring

      Indicates whether role is system/default or custom.

      Can be one of: "default""custom"

    • levelstring
      Required

      Indicates whether it is a user or admin-level role.

    • canEditboolean

      Indicates whether role can be edited by users or not.

    • fullUserbooleanDeprecated

      DEPRECATED. Use userEntitlementType instead for impact of roles on user entitlements with a capacity-based subscription.

    • tenantIdstring
      Required

      Unique identifier for the tenant associated with the given role.

      format = "uid"

    • canDeleteboolean

      Indicates whether role can be deleted by users or not.

    • createdAtstring

      Timestamp when the role was created.

      format = "date-time"

    • createdBystring

      Unique identifier for the user who created the role. Could be Mongo OID or an old ID format in the case of legacy users.

    • updatedBystring

      Unique identifier for the user who last updated the role. Could be Mongo OID or an old ID format in the case of legacy users.

    • descriptionstring

      A helpful description of the role.

    • lastUpdatedAtstring
      Required

      Timestamp when the role was last updated.

      format = "date-time"

    • assignedScopesarray of strings

      Selection of scopes added to this role.

    • userEntitlementTypestring

      Indicates whether this role will trigger promotion of a user from a basic to a full user on tenants with a capacity-based subscription. Does not apply to tenants with a user-based subscription.

com.qlik.v1.role.deleted

Example payload of the "Role deleted" event

{
  "id": "A234-1234-1234",
  "time": "2026-03-22T10:01:02Z",
  "type": "com.qlik.v1.role.deleted",
  "source": "com.qlik/identities",
  "specversion": "1.0",
  "datacontenttype": "application/json",
  "userid": "VZhiEfgW2bLd7HgR-jjzAh6VnicipweT",
  "tenantid": "VZhiEfgW2bLd7HgR-jjzAh6VnicipweT",
  "data": {
    "id": "507f191e810c19729de860ea",
    "name": "TenantAdmin",
    "type": "default",
    "level": "admin",
    "canEdit": false,
    "fullUser": true,
    "tenantId": "VZhiEfgW2bLd7HgR-jjzAh6VnicipweT",
    "canDelete": false,
    "createdAt": "2021-03-22T10:01:02Z",
    "createdBy": "6228c560543c200449c13255",
    "updatedBy": "6228c560543c200449c13255",
    "description": "Administrator role for the tenant",
    "lastUpdatedAt": "2026-03-22T10:01:02Z",
    "assignedScopes": [
      "scope.read",
      "scope.update"
    ],
    "userEntitlementType": "full"
  }
}

Role synced

Published when role definitions are synchronized across the platform. Permission lists are not included in the payload due to payload size limits.

Payload

object
  • idstring
    Required

    Identifies the event.

    minLength = 1

  • timestring

    Timestamp of when the occurrence happened. Must adhere to RFC 3339.

    minLength = 1, format = "date-time"

  • typestring
    Required

    Unique identifier for the event type.

    default = "com.qlik.v1.role.synced"

  • sourcestring
    Required

    Identifies the context in which an event happened.

    minLength = 1, format = "uri-reference", default = "com.qlik/identities"

  • specversionstring
    Required

    The version of the CloudEvents specification which the event uses.

    minLength = 1

  • datacontenttypestring

    Content type of the data value. Must adhere to RFC 2046 format.

    minLength = 1

  • useridstring

    Unique identifier for the user triggering the event.

  • tenantidstring
    Required

    Unique identifier for the tenant related to the event.

  • dataobject

    Payload containing the roles that were synced.

    Show data properties
    • rolesarray of objects

      Represents a role entity.

      Show roles properties
      • idstring
        Required

        Unique identifier for the role.

        format = "uid"

      • namestring
        Required

        Name of the role.

      • typestring

        Indicates whether role is system/default or custom.

        Can be one of: "default""custom"

      • levelstring
        Required

        Indicates whether it is a user or admin-level role.

      • canEditboolean

        Indicates whether role can be edited by users or not.

      • fullUserbooleanDeprecated

        DEPRECATED. Use userEntitlementType instead for impact of roles on user entitlements with a capacity-based subscription.

      • tenantIdstring
        Required

        Unique identifier for the tenant associated with the given role.

        format = "uid"

      • canDeleteboolean

        Indicates whether role can be deleted by users or not.

      • createdAtstring

        Timestamp when the role was created.

        format = "date-time"

      • createdBystring

        Unique identifier for the user who created the role. Could be Mongo OID or an old ID format in the case of legacy users.

      • updatedBystring

        Unique identifier for the user who last updated the role. Could be Mongo OID or an old ID format in the case of legacy users.

      • descriptionstring

        A helpful description of the role.

      • lastUpdatedAtstring
        Required

        Timestamp when the role was last updated.

        format = "date-time"

      • assignedScopesarray of strings

        Selection of scopes added to this role.

      • userEntitlementTypestring

        Indicates whether this role will trigger promotion of a user from a basic to a full user on tenants with a capacity-based subscription. Does not apply to tenants with a user-based subscription.

com.qlik.v1.role.synced

Example payload of the "Role synced" event

{
  "id": "A234-1234-1234",
  "time": "2026-03-22T10:01:02Z",
  "type": "com.qlik.v1.role.synced",
  "source": "com.qlik/identities",
  "specversion": "1.0",
  "datacontenttype": "application/json",
  "userid": "VZhiEfgW2bLd7HgR-jjzAh6VnicipweT",
  "tenantid": "VZhiEfgW2bLd7HgR-jjzAh6VnicipweT",
  "data": {
    "roles": [
      {
        "id": "507f191e810c19729de860ea",
        "name": "TenantAdmin",
        "type": "default",
        "level": "admin",
        "canEdit": false,
        "fullUser": true,
        "tenantId": "VZhiEfgW2bLd7HgR-jjzAh6VnicipweT",
        "canDelete": false,
        "createdAt": "2021-03-22T10:01:02Z",
        "createdBy": "6228c560543c200449c13255",
        "updatedBy": "6228c560543c200449c13255",
        "description": "Administrator role for the tenant",
        "lastUpdatedAt": "2026-03-22T10:01:02Z",
        "assignedScopes": [
          "scope.read",
          "scope.update"
        ],
        "userEntitlementType": "full"
      }
    ]
  }
}

Role updated

Published when a role is updated by an admin. Permission lists are not included in the payload due to payload size limits.

Payload

object
  • idstring
    Required

    Identifies the event.

    minLength = 1

  • timestring

    Timestamp of when the occurrence happened. Must adhere to RFC 3339.

    minLength = 1, format = "date-time"

  • typestring
    Required

    Unique identifier for the event type.

    default = "com.qlik.v1.role.updated"

  • sourcestring
    Required

    Identifies the context in which an event happened.

    minLength = 1, format = "uri-reference", default = "com.qlik/identities"

  • specversionstring
    Required

    The version of the CloudEvents specification which the event uses.

    minLength = 1

  • datacontenttypestring

    Content type of the data value. Must adhere to RFC 2046 format.

    minLength = 1

  • useridstring

    Unique identifier for the user triggering the event.

  • tenantidstring
    Required

    Unique identifier for the tenant related to the event.

  • dataobject

    Represents a role entity.

    Show data properties
    • _updatesarray of objects

      Collection of updates performed on the resource.

      Show _updates properties
      • pathstring

        Field that was updated.

      • newValuestring

        Value of the field after the update.

      • oldValuestring

        Value of the field before the update.
    • idstring
      Required

      Unique identifier for the role.

      format = "uid"

    • namestring
      Required

      Name of the role.

    • typestring

      Indicates whether role is system/default or custom.

      Can be one of: "default""custom"

    • levelstring
      Required

      Indicates whether it is a user or admin-level role.

    • canEditboolean

      Indicates whether role can be edited by users or not.

    • fullUserbooleanDeprecated

      DEPRECATED. Use userEntitlementType instead for impact of roles on user entitlements with a capacity-based subscription.

    • tenantIdstring
      Required

      Unique identifier for the tenant associated with the given role.

      format = "uid"

    • canDeleteboolean

      Indicates whether role can be deleted by users or not.

    • createdAtstring

      Timestamp when the role was created.

      format = "date-time"

    • createdBystring

      Unique identifier for the user who created the role. Could be Mongo OID or an old ID format in the case of legacy users.

    • updatedBystring

      Unique identifier for the user who last updated the role. Could be Mongo OID or an old ID format in the case of legacy users.

    • descriptionstring

      A helpful description of the role.

    • lastUpdatedAtstring
      Required

      Timestamp when the role was last updated.

      format = "date-time"

    • assignedScopesarray of strings

      Selection of scopes added to this role.

    • userEntitlementTypestring

      Indicates whether this role will trigger promotion of a user from a basic to a full user on tenants with a capacity-based subscription. Does not apply to tenants with a user-based subscription.

com.qlik.v1.role.updated

Example payload of the "Role updated" event

{
  "id": "A234-1234-1234",
  "time": "2026-03-22T10:01:02Z",
  "type": "com.qlik.v1.role.updated",
  "source": "com.qlik/identities",
  "specversion": "1.0",
  "datacontenttype": "application/json",
  "userid": "VZhiEfgW2bLd7HgR-jjzAh6VnicipweT",
  "tenantid": "VZhiEfgW2bLd7HgR-jjzAh6VnicipweT",
  "data": {
    "_updates": [
      {
        "path": "/attributePath",
        "newValue": "Dan",
        "oldValue": "Dylan"
      }
    ],
    "id": "507f191e810c19729de860ea",
    "name": "tenantAdmin",
    "type": "default",
    "level": "admin",
    "canEdit": true,
    "fullUser": true,
    "tenantId": "VZhiEfgW2bLd7HgR-jjzAh6VnicipweT",
    "canDelete": true,
    "createdAt": "2021-03-22T10:01:02Z",
    "createdBy": "VZhiEfgW2bLd7HgR-jjzAh6VnicipweT",
    "updatedBy": "VZhiEfgW2bLd7HgR-jjzAh6VnicipweT",
    "description": "string",
    "lastUpdatedAt": "2021-03-22T10:01:02Z",
    "assignedScopes": [
      "string"
    ],
    "userEntitlementType": "string"
  }
}