Configure tenant features and capabilities
In this topic, you will learn about how to control access to features and capabilities in a Qlik Cloud tenant.
When using the management console of a tenant as a user with the Tenant Admin role, you will see various settings that help you control which features your users have access to. The configuration method varies by service, both in terms of the API calls required, and the level at which it can be configured. Some services support user or space-level access, while others are available only at the tenant level.
Prerequisites
- You have a basic understanding of Qlik Cloud and the features available to users.
- cURL for running the inline examples.
- Access to an API key or access token from an account assigned the Tenant Admin role.
Note: The cURL examples in this topic show the command syntax for Windows Command Prompt. If you are using another command line interface, different syntax may be required for line continuation. You may also need to adjust the number and type of quotes surrounding the parameters and their values.
Variable substitution
Throughout this topic, variables will be used to communicate value placement.
The variable substitution format is <VARIABLE_NAME>
. Here is a list of
variables referred to in this tutorial.
Variable | Description |
---|---|
<TENANT> | The URL for the tenant that you are configuring. Equivalent to tenanthostname.region.qlikcloud.com . |
<ACCESS_TOKEN> | A bearer token or API key for authorizing https requests to the <TENANT> . |
Configure automatic entitlement assignment
If you are a customer leveraging Qlik's user entitlement model, users will be assigned a named Professional or Analyzer entitlement, or consume Analyzer Capacity as they use the platform. For more information on this model, review assigning user entitlements.
To turn off the automatic assignment of named entitlements to new
users as they are created, or as they access content in the tenant, change the
values of autoAssignProfessional
and autoAssignAnalyzer
to false in this API call:
curl -L "https://<TENANT>/api/v1/licenses/settings" ^
-X PUT ^
-H "Authorization: Bearer <ACCESS_TOKEN>" ^
-H "Content-type: application/json" ^
-H "Accept: application/json" ^
-d "{\"autoAssignProfessional\":false,\"autoAssignAnalyzer\":false}"
If successful, the result of the request is returned with an http 200
code.
{
"autoAssignProfessional": false,
"autoAssignAnalyzer": false
}
For more information on this endpoint, review the API specification for licenses/settings.
Configure Application Automation
Qlik Application Automation is available by default to all users with the appropriate user entitlement in the tenant.
As automations exist only in personal spaces, you can determine who can create,
update, and delete their automations by adding or removing the Automation Creator
role from the Everyone
group.
If you are not familar with groups in Qlik Cloud, review the managing groups topic.
To remove this role from the Everyone
group, thereby removing the ability for
users to use automations, you must first retrieve the list of roles assigned to
the Everyone
group. The Everyone
group always has the
ID of 000000000000000000000001
.
curl -L "https://<TENANT>/api/v1/groups/000000000000000000000001" ^
-H "Authorization: Bearer <ACCESS_TOKEN>" ^
-H "Content-type: application/json" ^
-H "Accept: application/json"
This will return the group definition for the Everyone
group:
{
"id": "000000000000000000000001",
"tenantId": "BL4tTJ4S7xrHTcq0zQxQrJ5qB1_Q6cSo",
...
"name": "com.qlik.Everyone",
...
"assignedRoles": [
{
"id": "6467dcd960754c03a3ed402c",
"name": "AutomationCreator",
"type": "default",
"level": "user"
},
{
"id": "63580b8d5cf9728f19217be0",
"name": "PrivateAnalyticsContentCreator",
"type": "default",
"level": "user"
},
{
"id": "605a1c2151382ffc836af862",
"name": "SharedSpaceCreator",
"type": "default",
"level": "user"
}
],
...
}
This response indicates that there are three roles assigned to the Everyone
group; AutomationCreator
, PrivateAnalyticsContentCreator
and SharedSpaceCreator
.
Your next request will patch this group, requesting that the roles are replaced
with just PrivateAnalyticsContentCreator
and SharedSpaceCreator
.
curl -L -X PATCH "https://<TENANT>/api/v1/groups/000000000000000000000001" ^
-H "Authorization: Bearer <ACCESS_TOKEN>" ^
-H "Content-type: application/json" ^
-H "Accept: application/json" ^
-d "[{\"op\": \"replace\", \"path\": \"/assignedRoles\", \"value\": [{\"name\": \"PrivateAnalyticsContentCreator\"}, {\"name\": \"SharedSpaceCreator\"}]}]"
If successful, an empty response with an http 204
code is returned.
For more information on this endpoint, review the API specification for groups.
If you then wish to add this capability back to a subset of your users, you can opt to assign this role on a user-by-user or group-by-group basis with a patch call to the users or groups APIs.
Configure Data Alerts
Data alerts are enabled by default in new tenants, and can be configured at a tenant-wide level. This setting affects all users in a tenant, and will hide the feature context menus in Qlik Sense.
To turn off data alerts, set the value of enable-data-alerting
to false
:
curl -L -X PUT "https://<TENANT>/api/v1/data-alerts/settings" ^
-H "Authorization: Bearer <ACCESS_TOKEN>" ^
-H "Content-type: application/json" ^
-H "Accept: application/json" ^
-d "{\"enable-data-alerting\": false }"
If successful, an empty response with an http 204
code is returned.
For more information on this endpoint, review the API specification for data-alerts/settings.
Configure Notes
Notes are enabled by default in new tenants, and can be configured at a tenant-wide level. This setting affects all users in a tenant, and will hide the feature context menus in Qlik Sense.
To turn off notes, set the value of toggledOn
to false
:
curl -L "https://<TENANT>/api/v1/notes/settings" ^
-H "Authorization: Bearer <ACCESS_TOKEN>" ^
-H "Content-type: application/json" ^
-d "{ \"toggledOn\": false }"
If successful, the result of the request is returned with an http 200
code.
{
"available": false,
"reason": "toggle",
"lastFetch": "2023-07-21T16:26:30.158Z",
"toggledOn": false
}
This indicates that notes is no longer available to users.
For more information on this endpoint, review the API specification for notes/settings.
Configure usage metrics in the hub
Usage metrics are enabled by default in new tenants, and can be configured at a tenant-wide level. This setting affects all users in a tenant, and will hide the usage metrics visible in the hub.
To turn off usage metrics, set the value of /usageMetricsEnabled
to false
:
curl -L -X PATCH "https://<TENANT>/api/v1/items/settings" ^
-H "Authorization: Bearer <ACCESS_TOKEN>" ^
-H "Content-type: application/json" ^
-H "Accept: application/json" ^
-d "[{\"op\": \"replace\", \"path\": \"/usageMetricsEnabled\", \"value\": false }]"
If successful, the result of the request is returned with an http 200
code.
{
"usageMetricsEnabled": false
}
This indicates that usage metrics are no longer available or visible to users.
For more information on this endpoint, review the API specification for items/settings.