Skip to main content
Announcements
Qlik Introduces a New Era of Visualization! READ ALL ABOUT IT
Sonja_Bauernfeind
Digital Support
Digital Support

On April 16th2024, Qlik is launching a highly anticipated capability: custom security roles.

What do custom security roles do?

Custom security roles introduce fine control of data export and access permissions within Qlik apps. This allows you to tailor permissions to your specific needs, enhancing data security and compliance.

The first delivery on April 16th includes the capability to control who can export content. Additional capabilities will be added soon after, such as who can create data connections, reports, and similar.

What does this mean for me?

As part of this update, the existing "has restricted view" space role will gain the ability to export data to Excel. This adjustment is in line with Qlik's capacity-based pricing model, ensuring basic users have essential tools.

If you do not wish for users with the "has restricted view" space role to be able to export data, you will need to edit the User Default role to deny download for all users, and then create a custom role that allows if for specific users and groups.

 

Stay tuned for more information and resources leading up to the April 16th launch. We are excited about these enhancements and the value they will bring to your data management and security efforts within Qlik.

Thank you for choosing Qlik,
Qlik Support

34 Comments
DataKnight1
Contributor III
Contributor III

Great, thank you @Sonja_Bauernfeind  🙂

1,055 Views
Thomas_Hopp
Employee
Employee

Hi all,

let me answer a few of your question here already and thanks for adding your comments above.

A: The custom role is a global setting which enables users across the whole tenant to export. By default it is set to everyone via the user default role. With that you can turn it off and then create a custom role which you can then assign only to a couple of people for instance.

And at the same time as the current Space role "Has restricted view" will get updated by adding the export capability on April 16th as well, we are actively looking into a short term fix to allow you to prevent the export option within some apps. More updates on that to be added asap.

Q: Will capacity license basic users are able to export excel with the custom security rule?

A: Yes, this is because we are updating the Space role as mentioned in my answer above as well on April 16th in the interest of the basic user being able to export data to excel. And by that they will not get auto promoted to a full user then.

Q: As I understand it, the "has restricted view" is pretty much only used to limit data export, so is this role going away or will it serve another purpose? It seems to me it will be identical to "can view" after this change.

A: Both roles will stay for now @AlexOmetis and we continue to look into options to clean things up. They are not 100 % equal but we are looking into this. And as I said above, the current "has restricted view" role will get updated. So you can as of April 16th only control the export capability on the Tenant level. We are already looking into an option (to be added very soon) which allows you to disable this on the App level instead in case it is needed for a sensitive app.

Q: How long until we see the rules added to restrict access to data connections.

A: @StephanieR this is already working in my Staging environment from a backend perspective. But we are fixing some UI patterns right now. Technically the permissions are already enforced but in some UI elements, users would still see the create button for instance. This is what we do want to improve before enabling this scope globally. We can stay in touch on that topic and maybe considering an EAP for you with that scope within the next couple of days.

Please let me know about other questions and I try to be back here soon to answer those

 

1,021 Views
AlexOmetis
Partner Ambassador
Partner Ambassador

Thanks for the clear replies as ever Thomas. It is good this is being announced ahead of time - however I think it's worrying that granular control of who can export from which spaces is being removed. If I understand what you're saying, a customer has been using this to restrict exporting data they now have to choose between allowing everyone to export or no-one - across all users/spaces in a tenant. I can imagine this won't be an easy decision for many customers! Appreciate that you say you're looking to fill that gap ASAP but I'm guessing it won't be before this goes live on Tuesday. 

958 Views
Thomas_Hopp
Employee
Employee

This is clearly understood @AlexOmetis and it wasn’t an easy decision. We are trying our best to add an option to disable the download option asap. Most likely not Tuesday but not far away. This is one of the reasons why we added that pre announcement, to make customers aware of that change.

And right now, we are looking into the option to disable the full right click menu within charts in apps. This would even allow you to do it for others than only has restricted view users. But mostly this is to make sure the download option is not exposed.

more updates on that to be shared soon. And this will as well be used in upcoming anonymous access use cases. That in app setting option for the right click menu

899 Views
StephanieR
Luminary
Luminary

A: @StephanieR this is already working in my Staging environment from a backend perspective. But we are fixing some UI patterns right now. Technically the permissions are already enforced but in some UI elements, users would still see the create button for instance. This is what we do want to improve before enabling this scope globally. We can stay in touch on that topic and maybe considering an EAP for you with that scope within the next couple of days 
@Thomas_Hopp  thank you and that is very exciting, please reach out we would love to touchbase and test as this is what we have been waiting for. Appreciate all you are doing 

Steph 

845 Views
robert99
Specialist III
Specialist III

Hi @Thomas_Hopp 

 

Thanks for the information. Regarding this

"This is clearly understood @AlexOmetis and it wasn’t an easy decision."

It should have been a very easy decision. Don't change a Role like 'Has Restricted View' until an alternative is in place for a good amount of time. So

-Introduce new 'Custom Security Rules' 

-Then after 6 months minimum maybe (see below) change 'Has Restricted View'.

But Im unsure why you need to change 'Has Restricted View' at all. Why not leave it like it is? And just do no more than introducing the new Custom Security rules. This is an Excellent (but obvious) improvement. Hopefully its very easy to set up. 

 

801 Views
PabloLabbeImaps
Partner Ambassador
Partner Ambassador

@Thomas_Hopp , anonymous access is a must have feature. It's something like a tenant wide configuration or can be configured by space or app ?

701 Views
moshea
Contributor III
Contributor III

Hi ,

Today is April 16th2024 and there is no option for basic user to export data to excel, when this option will be available?

 

thanks

650 Views
rzenere_avvale
Partner - Specialist II
Partner - Specialist II

Hey there @moshea ,

I actually see them.
If you navigate to UsersPermissions, on the top right you should see a Create new button

rzenere_avvale_0-1713251561119.png

 

Which will let you create a new (custom) role

rzenere_avvale_1-1713251585974.png

 

For basic users, you should be able to see a new role called 'User Default' which should be exactly what you're looking for

rzenere_avvale_0-1713251666214.png

 

 

Riccardo

 

 

 

630 Views
moshea
Contributor III
Contributor III

Hi Rzenere_avvale,

unfortunately , I did all the steps you mentioned above and still not able to export to excel.

605 Views