i_vladimirova
Partner - Contributor II

Administrator approval and consent for Qlik SaaS Office 365 Sharepoint Connector

Hello,

How can I get admin authorization for Qlik Office 365 Sharepoint Connector in Qlik SaaS? Who is the admin that will receive the access request notification?

I have attached below the messages received during the connection setup in Qlik SaaS.

The user that I'm using to log in when creating the connection has access to the specific Sharepoint site. What steps do I need to follow to get the authorization? I have read this article (https://support.qlik.com/articles/000101483), but I think it's related to Qlik Web Connectors for QlikSense Enterprise on-prem, not SaaS.

Thanks for your help!

I.V.

 

 

6 Replies
Francisco_Fernandez

Hello,

The SaaS and on-premise versions work the same way; that request will be sent either to the Application Administrator or Global Administrator on Azure.

You would have to use one of those roles to register the application if this is the first time using the connector.

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/

These are the current permissions requested when authenticating with the admin account on the connector:

https://community.qlik.com/t5/Knowledge-Base/Sharepoint-365-connector-current-permissions-requested/...

Best regards,

IVL
Partner - Contributor

Thank you for your reply, Francisco!

DavidFosterVF
Creator

Does this mean that the connector 'app', by default, overrides user security and is given access to all content in the SharePoint tenancy? My assumption/hope is that the approval message is a bit misleading and does not mention that specific site collection access is dependent on the authenticated user.

Francisco_Fernandez

Hi @DavidFosterVF ,

What the connector is doing is impersonating the user and keeping the same access level as the user that impersonates.

So it's not possible to access data that the user was not supposed to see.

Best regards,

veronica1
Partner - Contributor III

Hi @Francisco_Fernandez, @Albert_Candelario, I've landed here following this post:

https://community.qlik.com/t5/Security-Governance/Office-365-SharePoint-connector-permissions/td-p/1...

I'm interested in resolving the issue of the permission "in all site collections" as our IT is concerned about that.

veronica1_1-1723533815687.png

From your answers it seems that the connector only impersonates the user and keeps the same level of access, but if it is so, why the different phrasing in the message?

Also, our users tested it and they reported they saw lists they were not supposed to see.

Last question. Our IT configured the grants as such (for now lists are disabled) but Qlik support told us that they should have given User consent instead of Admin consent, is that right?

veronica1_2-1723534036770.png

Thanks so much in advance

Veronica

 

veronica1
Partner - Contributor III

Also, it seems that these are the current APIs requested, which are delegated:

  • Files.Read.All - Read all files that user can access.
  • Files.ReadWrite - Have full access to user files.
  • Sites.Read.All - Read items in all site collections.
  • Sites.Manage.All - Create, edit, and delete items and lists in all site collections.
  • Sites.ReadWrite.All - Edit or delete items in all site collections.
  • offline_access - Maintain access to data you have given it access to
  • User.Read - Sign in and read user profile.
  • GroupMember.Read.All - Read group memberships.

veronica1_0-1724062505359.png
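
An added example for readers reviewing such a consent (not part of the thread and not Qlik's code): it reads delegated grants shaped like Microsoft Graph `oauth2PermissionGrant` objects and reports whether each one is tenant-wide admin consent (`consentType` of `AllPrincipals`) or consent for a single user (`Principal`), which of the scopes listed above carry write access, and any scope not on that list. The sample grants, all ids and the function name `review_grants` are constructed for illustration.

```python
import json

# Delegated scopes listed in the post above; True marks those whose
# description there includes write access.
CONNECTOR_SCOPES = {
    "Files.Read.All": False, "Files.ReadWrite": True,
    "Sites.Read.All": False, "Sites.Manage.All": True,
    "Sites.ReadWrite.All": True, "offline_access": False,
    "User.Read": False, "GroupMember.Read.All": False,
}

# Constructed sample in the shape of Graph oauth2PermissionGrant objects.
# Every id is a placeholder, not a value from a real tenant.
SAMPLE_GRANTS = json.loads("""
[
  {"id": "grant-1-placeholder", "clientId": "connector-sp-placeholder",
   "consentType": "AllPrincipals", "principalId": null,
   "scope": " Sites.Read.All Sites.ReadWrite.All offline_access User.Read"},
  {"id": "grant-2-placeholder", "clientId": "connector-sp-placeholder",
   "consentType": "Principal", "principalId": "user-1-placeholder",
   "scope": "Files.Read.All User.Read Mail.Read"}
]
""")


def review_grants(grants):
    """Summarise each delegated grant for a consent review."""
    findings = []
    for grant in grants:
        # "scope" is a space-separated string and may have leading spaces.
        scopes = set((grant.get("scope") or "").split())
        findings.append({
            "id": grant["id"],
            # AllPrincipals = admin consent on behalf of every user.
            "admin_consent": grant.get("consentType") == "AllPrincipals",
            "principal": grant.get("principalId"),
            "write_scopes": sorted(s for s in scopes if CONNECTOR_SCOPES.get(s)),
            # offline_access lets the client obtain refresh tokens.
            "refresh_tokens": "offline_access" in scopes,
            # Scopes granted beyond the list quoted in the thread.
            "unexpected": sorted(scopes - CONNECTOR_SCOPES.keys()),
        })
    return findings


if __name__ == "__main__":
    for finding in review_grants(SAMPLE_GRANTS):
        print(finding)
```
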