Managing custom roles
Create customized roles in Qlik Cloud with specific permissions for individuals or groups. These roles can be assigned the same way as the built-in security roles and extend the User Default permissions.
This topic is applicable to Qlik Anonymous Access subscriptions. For other Qlik Cloud subscriptions, see:
-
Standard, Premium, or Enterprise edition of Qlik Cloud Analytics or Qlik Cloud Data Integration: Managing users - Capacity-based subscriptions
-
Qlik Sense Enterprise SaaS, Qlik Sense Business, or Qlik Cloud Government: Managing users - User-based subscriptions
Custom roles extend permissions beyond those granted by the User Default settings. When assigning a custom role to users, permissions can only be added, not removed. It's important to note that attempting to restrict a permission that is allowed in the User Default will have no effect. The permission will still be allowed to everyone.
You can choose to inherit the User Default permission. This is shown in the configuration as "User default (permission setting)"—for example, "User default (Not allowed)"—and means that the custom role will match whatever the default is set to.
For more information about how user default permissions interact with custom roles, see Roles and permissions for users and administrators.
Creating custom roles
Tenant administrators can create new roles and configure permissions using the options described in Permissions in User Default and custom roles.
Do the following:
-
In the Administration activity center, go to Manage users.
-
On the Permissions tab, click Create new.
-
In the Create new role dialog, enter a name and description for the role.
-
Use the search to find specific permissions.
Tip noteYou can use the List all and Selected buttons to show all available permissions or only the selected ones. -
The User Default setting is shown for each permission. Choose the desired access level for the permissions you want to add.
-
Click Create.
You can now assign your role to users or groups in the system. For more information, see Assigning security roles and custom roles.
Editing custom roles
Tenant administrators can edit custom roles.
Do the following:
-
In the Administration activity center, go to Manage users.
-
On the Permissions tab, find the role you want to edit.
-
Click
, then select Edit.
-
In the Edit role dialog, update the name or description and add or remove permissions as needed.
-
Click Save changes.
Deleting custom roles
Tenant administrators can delete custom roles. Before deletion, make sure to unassign any users or groups associated with the role.
Do the following:
-
In the Administration activity center, go to Manage users.
-
On the Permissions tab, find the role that you want to delete.
-
Click
, then select Delete.
-
Select the checkbox to confirm the deletion, and then click Delete role.
Replacing deprecated built-in roles
Some built-in roles are being deprecated and will be removed in a future release. To avoid losing access to features, you must replace these roles with custom roles that include the same permissions. In some cases, you can use the User Default settings to make specific permissions available to all users.
Permissions required for replacements roles
Use the following table to identify which permissions to include in the custom role.
Deprecated built-in role | Required permissions | Available in User Default settings |
---|---|---|
Developer |
Manage API keys (set to Allowed) |
Yes |
Creating a replacement role
To create and assign a replacement custom role:
-
In the Administration activity center, go to Manage users.
-
On the Permissions tab, select Create new.
-
Name the role using your organization's naming convention.
-
Add the permissions listed in the table above.
-
Assign the role to users or groups who previously had the deprecated role.
-
Remove the deprecated role from those user or groups.
Finding users and groups with deprecated roles
To identify users or groups assigned to deprecated roles, see Auditing user roles and access.
Best practices for role replacement
-
Migrate all users and groups before the deprecated role is removed to avoid disruptions in access.
-
Review custom roles regularly to ensure they follow your organization’s security and access policies.