Skip to main content

Suggest an Idea

Vote for your favorite Qlik product ideas and add your own suggestions.

Announcements
You can succeed best and quickest by helping others to succeed. Join the conversation.

SQL-Server endpoint - option to select a different account for windows authentication mode

sidneyb
Contributor III
Contributor III

SQL-Server endpoint - option to select a different account for windows authentication mode

When creating a new end-point, either for source or target, Qlik Replicate provides 2 options Windows Authentication and SQL Server authentication.

The "Windows Authentication" option is our preferred, more secure option and reduces the burden of managing multiple DB accounts, however QR does not allow one to select a different account, it leverages the underline account that runs the service.

Which increase security exposure as a QR uses the same elevated account that runs it service and connects to multiple databases.

Would it be possible to enable an option to indicate which service account should be used? There will some scenarios where access to DB are very restricted and we are trying to avoid using SQL Server authentication.

6 Comments
rlisio
Contributor
Contributor

This would be a certainly needed feature in my case!

Shelley_Brennan
Employee
Employee
 
Status changed to: Open - Collecting Feedback
rlisio
Contributor
Contributor

In case I'm allowed to provide further feedback on this. Having the chance to provide which LAN ID will be used for Windows Credentials would actually help in many ways:

1) Avoiding to expose sysadmin of multiple sql server databases replicated because we can only use a single LAN ID: the one that runs Qlik Windows Services

2) Isolate LAN ID for Qlik Replicate Services from any database at all  

aplima
Contributor III
Contributor III

Any update on this?

The capability to separate which account runs which task will allow us to break the resistance of some application/database owners to grant the dbowner rights required for CDC. In many of those use cases, we are forced to rely on other technologies like ADF with a batch process, just because it requires less privileged rights.

Also, if I'm not mistaken, Replicate already runs a separate windows process for each task, so with the proper configuration settings on the endpoint and the rights permissions on the file system, it shouldn't be a difficult implementation.  I have another vendor product that enable the same windows authentication mentioned above, the way it does that is by using the standard Windows RunAs command with any given account with minimal permissions on key folders used by the product. 

 

Meghann_MacDonald

From now on, please track this idea from the Ideation portal. 

Link to new idea

Meghann

NOTE: Upon clicking this link 2 tabs may open - please feel free to close the one with a login page. If you only see 1 tab with the login page, please try clicking this link first: Authenticate me! then try the link above again. Ensure pop-up blocker is off.

Ideation
Explorer II
Explorer II
 
Status changed to: Closed - Archived