Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
parkera
Partner Ambassador
Partner Ambassador
‎2021-04-22 08:01 AM

How to Set Expiry on Qlik Sense SaaS data connections? (Expires set to N/A) - High Risk

Hello,

Qlik SaaS Data Connections do not have a documented way to create an expiry data on them.
This means that  any Tenant Admin user can use an active data connection from ANY user to load data. 

Does anyone know how to create expiry dates, and/or prevent Tenant Admins from seeing/accessing all data connections?

There is a risk that any Tenant Admin user can use an active data connection from ANY user .

Example below is a connection to a Google account, which if left active could be used to load PII data without the user knowing.

parkera_1-1619091967339.jpeg

Another option would be to have a delete/expire data connection on completion of reload option ? Extreme but safe.

Currently the above means that we cannot advise clients to use third party data connectors in Qlik Sense SaaS for scheduled activity where sensitive data could be compromised. Single use is fine, where the user is forced to re-authenticate each time. However without and expiry date we need to advise that data connections are deleted after use. We urgently need a way to secure/expire/delete.

Labels (1)
Labels

  • SaaS

1,306 Views
5 Replies
parkera
Partner Ambassador
Partner Ambassador
‎2021-04-22 10:54 AM
Author

@P-O_Davidson  please see above... thanks

1,248 Views
0 Likes
AdamBSnotused
Partner - Contributor III
Partner - Contributor III
‎2021-04-23 03:29 AM

I'm sure you should move this to Ideas - agree with you, the Tenant Admin should not have this access.  

Qlik Sense is so good a preserving individual privacy in Personal Space, why does it not extend to data connections?  Also, Tenant Admin users having everyone's Personal Space Apps visible is not only frustrating but again contradicts the self-service user's privacy.

@Thomas_Hopp not sure if you saw this one.

Account ceded to Insight Consulting
1,227 Views
0 Likes
Thomas_Hopp
Employee
Employee
‎2021-04-23 08:55 AM

Hi @parkera & @AdamBSnotused ... yes, I saw this one and we are looking into this. There are a couple of things going on right now in terms of us building a much more fine grain security control for artefacts within your Qlik Sense Tenant. But talking about this one in particular, exposing data connections to a TA like that is something we are looking into to take this capability away by default. @P-O_Davidson will talk about it as well as it touches our areas.

Will update you ASAP.

Thomas Hopp
Senior Product Manager - Cloud Native Platform
1,213 Views
parkera
Partner Ambassador
Partner Ambassador
‎2021-04-23 10:24 AM
Author

@Thomas_Hopp  I look forward to seeing an update soon. Until then we will be advising our clients to ensure strict procedures/controls over Tenant Admin access.

1,196 Views
0 Likes
Thomas_Hopp
Employee
Employee
‎2021-04-26 12:19 PM

Hello @parkera we've been looking into this more and we do have a couple of things on our roadmap plus immediate updates to come. We are planning to introduce multiple capabilities to our QSE SaaS platfrom throughout the year which are focussing on a more fine grain security control. This is targeting to remove the need for having to many Tenant Admins in your Tenant as a Tenant Admin will always come with a special set of permissions.

One example for instance will be our upcoming delivery on May 4th with the first set of default Security Roles. As one example, this allows you to assign the ability to create Managed Spaces to users and not making them a Tenant Admin in order to do this. More roles are part of the May 4th release and more to come over time plus the ability to work with customer roles later.

And when it comes to actions a Tenant Admin can do, this is logged and so to speak governed as you will be able to understand "who" did which action in your Tenant. Advising your clients to ensure strict procedures/controls over Tenant Admin access will still be the right thing to do while you will see more and more fine grain access controls capabilities becoming delivered this year. This includes as well the area of Data Connections and what Tenant Admins can see in the Hub (and use it) vs. what they can see in the Management Console (and manage it).

I will update you and the community with updates according to our plan to offer more fine grain security in QSE SaaS and let me know if you have any follow up questions.

Best regards,

Thomas

Thomas Hopp
Senior Product Manager - Cloud Native Platform
1,161 Views
0 Likes