Overview
In Qlik Cloud, access to resources and capabilities is controlled through assigning roles to users or groups. There are two main categories:
- Tenant, or security roles: These are assigned to a user or group and grant them general
access to features or capabilities in the tenant. The roles can be of level
adminfor administrative roles, oruserfor non-administrative roles, which control access to capabilities. Customers can create custom roles to meet their specific needs. - Space roles: These are assigned to a user or group at the space level and determine what a user can do in that specific space.
Most content in a tenant resides in spaces, which means that users might need
a combination of tenant roles and space roles to undertake tasks. For example, even if
a user has been assigned the broadest administrative tenant role (TenantAdmin),
they still need the appropriate space role to open a Qlik Sense app in a space.
For more information on how roles work, review
the help documentation.
Tenant roles
Tenant roles (also known as security roles) are assigned via either the Users API or the Groups API. Each API requires you to send the role name without spaces, as detailed in the table. Role names are case-sensitive.
| UI name | API name | Role level | Permission type |
|---|---|---|---|
| Analytics Admin | AnalyticsAdmin | Admin | Permissive |
| Audit Admin | AuditAdmin | Admin | Permissive |
| Automation Creator | AutomationCreator | User | Permissive |
| Automl Deployment Contributor | AutomlDeploymentContributor | User | Permissive |
| Automl Experiment Contributor | AutomlExperimentContributor | User | Permissive |
| Collaboration Platform User | CollaborationPlatformUser | User | Permissive |
| Data Admin | DataAdmin | Admin | Permissive |
| Data Product Manager | DataProductManager | User | Permissive |
| Data Services Contributor | DataServicesContributor | User | Permissive |
| Data Space Creator | DataSpaceCreator | User | Permissive |
| Developer | Developer | User | Permissive |
| Embedded Analytics User | EmbeddedAnalyticsUser | User | Restrictive |
| Managed Space Creator | ManagedSpaceCreator | User | Permissive |
| Private Analytics Content Creator | PrivateAnalyticsContentCreator | User | Permissive |
| Shared Space Creator | SharedSpaceCreator | User | Permissive |
| Steward | Steward | User | Permissive |
| Tenant Admin | TenantAdmin | Admin | Permissive |
Additionally, there is a User Default role called userDefault, which is used
as the base set of scopes for all users. You can customize the scopes assigned to
this role, but you cannot unassign it from users.
For information on each role, refer to the help documentation.
See the custom roles tutorial to learn how to create and assign custom roles to users or groups.
Space roles
Space roles are assigned via the Spaces API. Available roles vary by space type. Roles are case-sensitive, and the API name may differ from the name in the user interface.
| UI name | API name | Supported in shared space | Supported in managed space | Supported in data space |
|---|---|---|---|---|
| Can view | consumer | Yes | Yes | Yes |
| Can contribute | contributor | No | Yes | No |
| Can consume data | dataconsumer | Yes | Yes | Yes |
| Can manage | facilitator | Yes | Yes | Yes |
| Can operate | operator | No | Yes | Yes |
| Can edit | producer | Yes | No | Yes |
| Can publish | publisher | No | Yes | Yes |
| Has restricted view | basicconsumer | No | Yes | No |
| Can edit data in apps | codeveloper | Yes | No | No |
For information on each role, refer to the help documentation.