Skip to content

Overview

In Qlik Cloud, access to resources and capabilities is controlled through assigning roles to users or groups. There are two main categories:

  • Tenant, or security roles: These are assigned to a user or group and grant them general access to features or capabilities in the tenant. The roles can be of level admin for administrative roles, or user for non-administrative roles, which control access to capabilities. Customers can create custom roles to meet their specific needs.
  • Space roles: These are assigned to a user or group at the space level and determine what a user can do in that specific space.

Most content in a tenant resides in spaces, which means that users might need a combination of tenant roles and space roles to undertake tasks. For example, even if a user has been assigned the broadest administrative tenant role (TenantAdmin), they still need the appropriate space role to open a Qlik Sense app in a space. For more information on how roles work, review the help documentation.

Tenant roles

Tenant roles (also known as security roles) are assigned via either the Users API or the Groups API. Each API requires you to send the role name without spaces, as detailed in the table. Role names are case-sensitive.

UI nameAPI nameRole levelPermission type
Analytics AdminAnalyticsAdminAdminPermissive
Audit AdminAuditAdminAdminPermissive
Automation CreatorAutomationCreatorUserPermissive
Automl Deployment ContributorAutomlDeploymentContributorUserPermissive
Automl Experiment ContributorAutomlExperimentContributorUserPermissive
Collaboration Platform UserCollaborationPlatformUserUserPermissive
Data AdminDataAdminAdminPermissive
Data Product ManagerDataProductManagerUserPermissive
Data Services ContributorDataServicesContributorUserPermissive
Data Space CreatorDataSpaceCreatorUserPermissive
DeveloperDeveloperUserPermissive
Embedded Analytics UserEmbeddedAnalyticsUserUserRestrictive
Managed Space CreatorManagedSpaceCreatorUserPermissive
Private Analytics Content CreatorPrivateAnalyticsContentCreatorUserPermissive
Shared Space CreatorSharedSpaceCreatorUserPermissive
StewardStewardUserPermissive
Tenant AdminTenantAdminAdminPermissive

Additionally, there is a User Default role called userDefault, which is used as the base set of scopes for all users. You can customize the scopes assigned to this role, but you cannot unassign it from users.

For information on each role, refer to the help documentation.

See the custom roles tutorial to learn how to create and assign custom roles to users or groups.

Space roles

Space roles are assigned via the Spaces API. Available roles vary by space type. Roles are case-sensitive, and the API name may differ from the name in the user interface.

UI nameAPI nameSupported in shared spaceSupported in managed spaceSupported in data space
Can viewconsumerYesYesYes
Can contributecontributorNoYesNo
Can consume datadataconsumerYesYesYes
Can managefacilitatorYesYesYes
Can operateoperatorNoYesYes
Can editproducerYesNoYes
Can publishpublisherNoYesYes
Has restricted viewbasicconsumerNoYesNo
Can edit data in appscodeveloperYesNoNo
Can view datadatapreviewNoNoYes

For information on each role, refer to the help documentation.

Was this page helpful?