https://community.qlik.com/t5/Qlik-Replicate/Limiting-Replicate-user-s-access-to-endpoints/m-p/1913602#M2273 <P>&gt;&gt; <SPAN>Is there any way I can control which endpoints my replicate users can interact with&nbsp;</SPAN></P> <P>Noop.&nbsp;Best you can do is set up multiple replicate servers and control <EM>tasks</EM> that way. This is very commonly done for dev vs qa vs prod. And given servers could use specific database authentication to scope which tables can be read perhaps, but for many endpoints the minimal replicate user requirements already allow it to look everywhere. Specifically most sources (which ones are of your concern) required the Replicate DB used to ready the change log - which has all data for all tables. Still, if there is no access to the base table then table object numbers and table descriptions required for parsing the CDC logs would not be accessible and those those table would be protected.</P> <P>Still, You'll have to be able to trust (and audit) the task developers to select the allowed tables and target databases.&nbsp;</P> <P>Mind you, a Replicate user/operator being allow to stop/start or even define tasks does not see the bulk of the data in general. Just errors and sometimes through the highest logging level, but that's&nbsp; in the task logs which will stay behind as evidence. I think the biggest risk is&nbsp; replicate used defining a rogue target database where they do have data access and create a task to siphon data there.&nbsp; Again: trust but verify (repsrv log, exportrepository reviews, audit trails, reptask logs downloadable, but not directly accessible by those users/operators.</P> <P>Hein.</P> Sun, 03 Apr 2022 21:56:02 GMT Heinvandenheuvel 2022-04-03T21:56:02Z https://community.qlik.com/t5/Qlik-Replicate/Limiting-Replicate-user-s-access-to-endpoints/m-p/1913471#M2268 <P>I have a source end point, to a sensitive data source.<BR />Therefore I need very tight control over who has access to consume this endpoint and where the contained data is replicated to.</P> <P>Is there any way I can control which endpoints my replicate users can interact with ?</P> <P>Thanks</P> <P>&nbsp;</P> Sat, 02 Apr 2022 11:51:37 GMT https://community.qlik.com/t5/Qlik-Replicate/Limiting-Replicate-user-s-access-to-endpoints/m-p/1913471#M2268 simonB2020 2022-04-02T11:51:37Z https://community.qlik.com/t5/Qlik-Replicate/Limiting-Replicate-user-s-access-to-endpoints/m-p/1913566#M2270 <P>Hi,</P> <P>Per endpoint? no, i don't think there is a way to control which user has access to which endpoint.</P> <P>However you can decide through user permissions in replicates server tab, which user has access at all to run tasks and change endpoint settings.</P> <P>But again this is for the entire replicate server not per endpoint.</P> <P>You can give a specific user "Viewer" permissions only which will basically mean he cannot preform run time task operations and he cannot edit endpoint settings.</P> Sun, 03 Apr 2022 13:20:49 GMT https://community.qlik.com/t5/Qlik-Replicate/Limiting-Replicate-user-s-access-to-endpoints/m-p/1913566#M2270 Shai_E 2022-04-03T13:20:49Z https://community.qlik.com/t5/Qlik-Replicate/Limiting-Replicate-user-s-access-to-endpoints/m-p/1913602#M2273 <P>&gt;&gt; <SPAN>Is there any way I can control which endpoints my replicate users can interact with&nbsp;</SPAN></P> <P>Noop.&nbsp;Best you can do is set up multiple replicate servers and control <EM>tasks</EM> that way. This is very commonly done for dev vs qa vs prod. And given servers could use specific database authentication to scope which tables can be read perhaps, but for many endpoints the minimal replicate user requirements already allow it to look everywhere. Specifically most sources (which ones are of your concern) required the Replicate DB used to ready the change log - which has all data for all tables. Still, if there is no access to the base table then table object numbers and table descriptions required for parsing the CDC logs would not be accessible and those those table would be protected.</P> <P>Still, You'll have to be able to trust (and audit) the task developers to select the allowed tables and target databases.&nbsp;</P> <P>Mind you, a Replicate user/operator being allow to stop/start or even define tasks does not see the bulk of the data in general. Just errors and sometimes through the highest logging level, but that's&nbsp; in the task logs which will stay behind as evidence. I think the biggest risk is&nbsp; replicate used defining a rogue target database where they do have data access and create a task to siphon data there.&nbsp; Again: trust but verify (repsrv log, exportrepository reviews, audit trails, reptask logs downloadable, but not directly accessible by those users/operators.</P> <P>Hein.</P> Sun, 03 Apr 2022 21:56:02 GMT https://community.qlik.com/t5/Qlik-Replicate/Limiting-Replicate-user-s-access-to-endpoints/m-p/1913602#M2273 Heinvandenheuvel 2022-04-03T21:56:02Z https://community.qlik.com/t5/Qlik-Replicate/Limiting-Replicate-user-s-access-to-endpoints/m-p/1915453#M2330 <P>@<SPAN style="background-color:rgb(255,255,255);color:rgb(46,46,46);font-size:13px;"><STRONG>simonB2020 any of the advise help ?</STRONG></SPAN></P> Wed, 06 Apr 2022 17:32:21 GMT https://community.qlik.com/t5/Qlik-Replicate/Limiting-Replicate-user-s-access-to-endpoints/m-p/1915453#M2330 Steve_Nguyen 2022-04-06T17:32:21Z https://community.qlik.com/t5/Qlik-Replicate/Limiting-Replicate-user-s-access-to-endpoints/m-p/1915468#M2332 <P>Steve,<BR />None solve my use case unfortunately;&nbsp; but they do at least help me understand that it's not possible - which saves me from chasing a dead-end <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> Wed, 06 Apr 2022 17:53:58 GMT https://community.qlik.com/t5/Qlik-Replicate/Limiting-Replicate-user-s-access-to-endpoints/m-p/1915468#M2332 simonB2020 2022-04-06T17:53:58Z