Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Suggest an Idea

Vote for your favorite Qlik product ideas and add your own suggestions.

Announcements
This page is no longer in use. To suggest an idea, please visit Browse and Suggest.

SQL-Server endpoint - option to select a different account for windows authentication mode

sidneyb
Contributor III
Contributor III
‎2020-10-23 02:55 PM

SQL-Server endpoint - option to select a different account for windows authentication mode

When creating a new end-point, either for source or target, Qlik Replicate provides 2 options Windows Authentication and SQL Server authentication.

The "Windows Authentication" option is our preferred, more secure option and reduces the burden of managing multiple DB accounts, however QR does not allow one to select a different account, it leverages the underline account that runs the service.

Which increase security exposure as a QR uses the same elevated account that runs it service and connects to multiple databases.

Would it be possible to enable an option to indicate which service account should be used? There will some scenarios where access to DB are very restricted and we are trying to avoid using SQL Server authentication.

Status: Closed - Archived Submitted by Contributor III on ‎2020-10-23 02:55 PM
792 Views
6 Comments
rlisio
Contributor
Contributor
‎2020-11-17 05:25 AM

This would be a certainly needed feature in my case!

Shelley_Brennan
Former Employee
Former Employee
‎2021-02-22 09:18 AM
 
Status changed to: Open - Collecting Feedback
rlisio
Contributor
Contributor
‎2021-03-01 10:55 AM

In case I'm allowed to provide further feedback on this. Having the chance to provide which LAN ID will be used for Windows Credentials would actually help in many ways:

1) Avoiding to expose sysadmin of multiple sql server databases replicated because we can only use a single LAN ID: the one that runs Qlik Windows Services

2) Isolate LAN ID for Qlik Replicate Services from any database at all  

aplima
Contributor III
Contributor III
‎2022-02-03 02:49 PM

Any update on this?

The capability to separate which account runs which task will allow us to break the resistance of some application/database owners to grant the dbowner rights required for CDC. In many of those use cases, we are forced to rely on other technologies like ADF with a batch process, just because it requires less privileged rights.

Also, if I'm not mistaken, Replicate already runs a separate windows process for each task, so with the proper configuration settings on the endpoint and the rights permissions on the file system, it shouldn't be a difficult implementation.  I have another vendor product that enable the same windows authentication mentioned above, the way it does that is by using the standard Windows RunAs command with any given account with minimal permissions on key folders used by the product. 

 

Meghann_MacDonald
Employee
Employee
‎2023-08-02 12:31 PM

From now on, please track this idea from the Ideation portal. 

Link to new idea

Meghann

NOTE: Upon clicking this link 2 tabs may open - please feel free to close the one with a login page. If you only see 1 tab with the login page, please try clicking this link first: Authenticate me! then try the link above again. Ensure pop-up blocker is off.

Ideation
Explorer II
Explorer II
‎2023-08-02 12:31 PM
 
Status changed to: Closed - Archived
Subscribe by Topic