Qlik Community

Connectivity & Data Prep

Discussion board where members can learn more about Qlik Sense Data Connectivity.

Announcements
Support Case Portal has moved to Qlik Community! Read the FAQs to start exploring Support resources.
cancel
Showing results for 
Search instead for 
Did you mean: 
parkera
Luminary Alumni
Luminary Alumni

How to Set Expiry on Qlik Sense SaaS data connections? (Expires set to N/A) - High Risk

Hello,

Qlik SaaS Data Connections do not have a documented way to create an expiry data on them.
This means that  any Tenant Admin user can use an active data connection from ANY user to load data. 

Does anyone know how to create expiry dates, and/or prevent Tenant Admins from seeing/accessing all data connections?

There is a risk that any Tenant Admin user can use an active data connection from ANY user .

Example below is a connection to a Google account, which if left active could be used to load PII data without the user knowing.

parkera_1-1619091967339.jpeg

Another option would be to have a delete/expire data connection on completion of reload option ? Extreme but safe.

Currently the above means that we cannot advise clients to use third party data connectors in Qlik Sense SaaS for scheduled activity where sensitive data could be compromised. Single use is fine, where the user is forced to re-authenticate each time. However without and expiry date we need to advise that data connections are deleted after use. We urgently need a way to secure/expire/delete.

Labels (1)
  • SaaS

5 Replies
parkera
Luminary Alumni
Luminary Alumni
Author

@P-O_Davidson  please see above... thanks

AdamBSnotused
Partner
Partner

I'm sure you should move this to Ideas - agree with you, the Tenant Admin should not have this access.  

Qlik Sense is so good a preserving individual privacy in Personal Space, why does it not extend to data connections?  Also, Tenant Admin users having everyone's Personal Space Apps visible is not only frustrating but again contradicts the self-service user's privacy.

@Thomas_Hopp not sure if you saw this one.

Account ceded to Insight Consulting
Thomas_Hopp
Employee
Employee

Hi @parkera & @AdamBSnotused ... yes, I saw this one and we are looking into this. There are a couple of things going on right now in terms of us building a much more fine grain security control for artefacts within your Qlik Sense Tenant. But talking about this one in particular, exposing data connections to a TA like that is something we are looking into to take this capability away by default. @P-O_Davidson will talk about it as well as it touches our areas.

Will update you ASAP.

Thomas Hopp
Senior Product Manager - Cloud Native Platform
parkera
Luminary Alumni
Luminary Alumni
Author

@Thomas_Hopp  I look forward to seeing an update soon. Until then we will be advising our clients to ensure strict procedures/controls over Tenant Admin access.

Thomas_Hopp
Employee
Employee

Hello @parkera we've been looking into this more and we do have a couple of things on our roadmap plus immediate updates to come. We are planning to introduce multiple capabilities to our QSE SaaS platfrom throughout the year which are focussing on a more fine grain security control. This is targeting to remove the need for having to many Tenant Admins in your Tenant as a Tenant Admin will always come with a special set of permissions.

One example for instance will be our upcoming delivery on May 4th with the first set of default Security Roles. As one example, this allows you to assign the ability to create Managed Spaces to users and not making them a Tenant Admin in order to do this. More roles are part of the May 4th release and more to come over time plus the ability to work with customer roles later.

And when it comes to actions a Tenant Admin can do, this is logged and so to speak governed as you will be able to understand "who" did which action in your Tenant. Advising your clients to ensure strict procedures/controls over Tenant Admin access will still be the right thing to do while you will see more and more fine grain access controls capabilities becoming delivered this year. This includes as well the area of Data Connections and what Tenant Admins can see in the Hub (and use it) vs. what they can see in the Management Console (and manage it).

I will update you and the community with updates according to our plan to offer more fine grain security in QSE SaaS and let me know if you have any follow up questions.

Best regards,

Thomas

Thomas Hopp
Senior Product Manager - Cloud Native Platform