Early Access: The content on this website is provided for informational purposes only in connection with pre-General Availability Qlik Products.
All content is subject to change and is provided without warranty.
Skip to main content Skip to complementary content
video thumbnail

Managing custom roles

Create customized roles in Qlik Cloud with specific permissions for individuals or groups. These roles can be assigned the same way as the built-in security roles and extend the User Default permissions.

Information note

This topic is applicable to Qlik Anonymous Access subscriptions. For other Qlik Cloud subscriptions, see:

Custom roles extend permissions beyond those granted by the User Default settings. When assigning a custom role to users, permissions can only be added, not removed. It's important to note that attempting to restrict a permission that is allowed in the User Default will have no effect. The permission will still be allowed to everyone.

You can choose to inherit the User Default permission. This is shown in the configuration as "User default (permission setting)"—for example, "User default (Not allowed)"—and means that the custom role will match whatever the default is set to.

For more information about how user default permissions interact with custom roles, see Roles and permissions for users and administrators.

Creating custom roles

Tenant administrators can create new roles and configure permissions using the options described in Permissions in User Default and custom roles.

Do the following:

  1. In the Administration activity center, go to Manage users.

  2. On the Permissions tab, click Create new.

  3. In the Create new role dialog, enter a name and description for the role.

  4. Use the search to find specific permissions.

    Tip noteYou can use the List all and Selected buttons to show all available permissions or only the selected ones.
  5. The User Default setting is shown for each permission. Choose the desired access level for the permissions you want to add.

  6. Click Create.

You can now assign your role to users or groups in the system. For more information, see Assigning security roles and custom roles.

Editing custom roles

Tenant administrators can edit custom roles.

Do the following:

  1. In the Administration activity center, go to Manage users.

  2. On the Permissions tab, find the role you want to edit.

  3. Click More, then select Edit.

  4. In the Edit role dialog, update the name or description and add or remove permissions as needed.

  5. Click Save changes.

Deleting custom roles

Tenant administrators can delete custom roles. Before deletion, make sure to unassign any users or groups associated with the role.

Do the following:

  1. In the Administration activity center, go to Manage users.

  2. On the Permissions tab, find the role that you want to delete.

  3. Click More, then select Delete.

  4. Select the checkbox to confirm the deletion, and then click Delete role.

Replacing deprecated built-in roles

Some built-in roles are being deprecated and will be removed in a future release. To avoid losing access to features, you must replace these roles with custom roles that include the same permissions. In some cases, you can use the User Default settings to make specific permissions available to all users.

Permissions required for replacements roles

Use the following table to identify which permissions to include in the custom role.

Deprecated roles and their required permissions
Deprecated built-in role Required permissions Available in User Default settings
Developer

Manage API keys (set to Allowed)

Yes
Tip noteYou can combine multiple permission sets in a single custom role or create separate roles for each permission—depending on how you want to manage access.

Creating a replacement role

To create and assign a replacement custom role:

  1. In the Administration activity center, go to Manage users.

  2. On the Permissions tab, select Create new.

  3. Name the role using your organization's naming convention.

  4. Add the permissions listed in the table above.

  5. Assign the role to users or groups who previously had the deprecated role.

  6. Remove the deprecated role from those user or groups.

Finding users and groups with deprecated roles

To identify users or groups assigned to deprecated roles, see Auditing user roles and access.

Best practices for role replacement

  • Migrate all users and groups before the deprecated role is removed to avoid disruptions in access.

  • Review custom roles regularly to ensure they follow your organization’s security and access policies.

Learn more

 

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!