Solved: Office 365 SharePoint connector permissions - Qlik Community

Joseph_Young · ‎2022-09-08

Hi Qlik!

We are having a discussion with our security team and manager for sharepoint online regarding the permissions requested during Qlik - Sharepoint connector. The App connection is correct as your guidelines and shown in picture

What the security team is concerened and want to know more information regarding is that after the connector is setup if the security on it can be "downgraded" since they want to limit access on what connector is possible to do. IE "Read and write items in all site collections", and they would want to limit this. Is it possible to afterwards "limit" the permissions or this will break "qlik".

So any addition security settings that could be adjusted afterwards would be most helpful the only information i can find is the following:

Since I'm not very proficient in what the security team requires. Does this statement mean that you change the "entire connector to use - user assignment" or is this an addition that you can create, that is a "supplement" to the connector. I understand that later on the users permissions are used so we shouldn't be able to read all sites, but some clarification would be gratefully appreciated.

Thanks

Joseph Young

Albert_Candelario · ‎2022-09-10

Hello @Joseph_Young ,

Would the information shared on Solved: Administrator approval and consent for Qlik SaaS O... - Qlik Community - 1808611 be relevant for your conversation with IT?

Check the 2 solution approved' s comments.

Also for reference.

Administrator approval and consent for Web Connect... - Qlik Community - 1713386

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer

View solution in original post

Albert_Candelario · ‎2022-09-10

Hello @Joseph_Young ,

Would the information shared on Solved: Administrator approval and consent for Qlik SaaS O... - Qlik Community - 1808611 be relevant for your conversation with IT?

Check the 2 solution approved' s comments.

Also for reference.

Administrator approval and consent for Web Connect... - Qlik Community - 1713386

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer

Joseph_Young · ‎2022-09-12

Thanks @Albert_Candelario for your reply. The information provided shows how the connector is setup and such, so i have previously been reading these posts. But it don't find any information regarding once the "main connector" is approved if the permissions can be downgraded (on the main connector), to not allow access for instance "Read write in all site collections" since we will only be using 1-2 sites for Qlik on our entire sharepoint.

What permissions it "asks for" during setup we know about, but its just that we would like to know the least priviledge required for the "main connector" so after first install we can modify the connector. If there is any other information regarding this.

I guess we could "always" test it, but security team are redundant for first installation since it means they can read "all sharepoint"

Thanks for any other information.

Albert_Candelario · ‎2022-09-18

Hello,

As per the second response of my colleague Francisco the users using it is only seeing the the list she/he has access to:

"Hi

what the connector is doing is impersonating the user and keeping the same access level as the user that impersonates.

So it's not possible to access data that the user was not supposed to see.

Best regards,"

So, would that answer your security team concerns?

Kindly, let us know and if you play with the connector once installed as well.

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer

Office 365 SharePoint connector permissions

Governance

SaaS

Security

Security & Governance