Qlik Community

Suggest an Idea

Vote for your favorite Qlik product ideas and add your own suggestions.

Announcements
IMPORTANT security patches for GeoAnalytics Server available to download: READ DETAILS

Security enhancement request to QEM - Access to source and target

l9phan1
Creator
Creator

Security enhancement request to QEM - Access to source and target

In the current version of QEM, anyone that can login to QEM have the ability to access source and target created by other people.  Example: user1 can create a new task in QEM using source and target created previously by user2.  This create a security issue since outside of the QEM application the user1 doesn't have access to source and target that user2 have access.  It would be ideal to have source and target permission similiar to task permission.

10 Comments
BradA
Contributor III
Contributor III

I agree that QEM and the Replicate UI should be able to assign access controls at the individual Endpoint level as can be done for an individual task.

Ola_Mayer
Employee
Employee

Thank you for your feedback, we are currently collecting additional feedback.

Status changed to: Open - Collecting Feedback
Matthew_Christian
Contributor
Contributor

This feature is very important to us from a data privacy perspective.

My team works in a governance and compliance role and we use Attunity to move data for several highly sensitive data sources. We discussed the lack of controls at the endpoint and task level with our compliance counsel and it's considered to be a data privacy compliance risk. Our current workaround is to use separate servers for different content, but that's not really scalable for a global organization. 

Having this feature is key for us to use the product in a scalable, cost-effective manner. 

JonCarpenter
Contributor II
Contributor II

The ability to control access to endpoints is an important topic in my organization as well. We have an analytics group that is separate from IT. Our IT group needs to maintain security on the source systems and ensure compliance with our security policies.  It would be ideal to have a granular way to control endpoint access within Replicate itself, and QEM.

l9phan1
Creator
Creator
I am glad to see you have the same concern.


paullewis
Contributor
Contributor

Big Up Vote!!!

This SER is spot on by detailing a glaring hole in the QEM/Replicate security model. It is not sufficient to hide a task from prying eyes. The products should also protect the source and target endpoints to ensure that NO unauthorized access or manipulation of data can occur.

Currently anyone with developer access to Replicate can create a task, assign any source endpoint they choose and replicate data. Once replication is complete they delete the task and nobody is the wiser. Sure the activity is recorded in logs, but these are not easily digestible and there are no reports that can easily be run to see who created/executed tasks with which endpoints during a period of time.

This gap in security is forcing my corporation to stand up "secure" replicate servers with tight access permissions to prevent the potential unauthorized access or manipulation of data. This is an unnecessary cost and administrative burden that can be eliminated by simply applying the same security model to endpoints that is currently in place for tasks.

JCJnr
Contributor II
Contributor II

Another Big Vote !!!

Working in a Banking environment, the are some system replicating Credit Card Numbers, and this cause a serious risk for the bank.

I really cannot wait for this enhancement to be build..

Please Please Please!!!!!!!

sidneyb
Contributor III
Contributor III

Any updates on this new feature, it's becoming a key item for us to enable replication of sensitive data without having to stand up new instances of Qlik Replicate.

Shelley_Brennan
Employee
Employee

Thank you for all of the good input.  This is in the Replicate roadmap and will update when development is underway.  Thank you!

Status changed to: Open - On Roadmap
andile
Contributor
Contributor

Security is very critical. I had opened a support case after seeing the highlighted message from QEM window. This feature is key as is the task permissions. No user should be able to make changes on other user's endpoints. It's like the concept of least privilege. You wanna give users the least access so that they can only manage what is theirs only.Endpoint Level Permissions.png