New Destination: Option to restrict creating destination outside the Organization network as we do not want business data to be flowing outside.

Answered

Comments

5 comments

  • Official comment
    Amanda Wong User

    Hi Shivanand,

    This is a valuable idea, and the request to restrict destination creation outside the organization network aligns with needs for data security in hybrid deployments. I've added this request to our feature improvements backlog for consideration.

    To better understand your requirements, could you share more about your specific use case? For example, are you looking for enforcement at a network level (such as restricting by IP ranges), or would more granular admin controls within Fivetran suffice? Understanding the problem you are trying to solve will help us define a solution that best meets your needs.

    We'll keep the community updated here on any progress or future plans for this functionality.

    Thanks,
    Amanda

    Hi Team,

    Thanks for taking up this request for adding a feature.

    We would prefer it at a network level, by only allowing the destination within the CIDR range IPs of GEHC.

    Regards,

    Shivanand

    Hi Shivanand,

    Are you looking for the option to specifically restrict the creation action for destinations outside your IP ranges / CIDRs via UI, REST API, Terraform? (application-level control)

    Or are you asking for HD platform level IP allowlisting of any / all traffic to HD, irrespective of source/destination? (network level control for HD)

    Hi Pieter,

    I'm looking for Application-level control to restrict the creation action for destinations outside our IP ranges.

    Regards,

    Shivanand

    (1) We don't have an application-level permission for restricting destination creation by IP / CIDR on the roadmap at this time, but it is on our backlog now; we'll monitor upvotes and engagement.

    (2) A network-level control for IP address / CIDR ranges is already in our long-term request backlog.
    You are welcome to upvote that if you like.

    That said, you have other options today, now: you could combine both, or do either #1 or #2.

    1. Restrict who can create destinations (Fivetran RBAC)
      - Only users with Account Administrator or Destination Creator can create new destinations.
      - Remove Destination Creator from general users/teams so only a small admin group can add/edit destinations.

    2. Network Control via CSP console
    Enforce “data can’t leave” via network egress controls in your Hybrid data plane
      - Hybrid runs pipelines in your environment; you can restrict outbound traffic from the Hybrid Agent hosts to only:
        - Fivetran control-plane endpoints required for Hybrid to function, and
        - The approved internal/private destination endpoints (your warehouse/lake endpoints).
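
An added example, not part of the thread and not Fivetran tooling: until an application-level restriction exists, an exported list of destination endpoints can be audited against the approved CIDR ranges. The record fields (`name`, `host`), the CIDR ranges, and the DNS answers are constructed assumptions; fetching the real destination list is left out.

```python
import ipaddress
import socket

# Constructed CIDR ranges standing in for the organization's network.
APPROVED_CIDRS = [ipaddress.ip_network(c) for c in ("10.20.0.0/16", "192.168.50.0/24")]

# Constructed destination records and DNS answers (hypothetical field names).
SAMPLE_DESTINATIONS = [
    {"name": "warehouse-internal", "host": "10.20.4.15"},
    {"name": "lake-private", "host": "lake.corp.example"},
    {"name": "external-dw", "host": "dw.vendor.example"},
    {"name": "mixed", "host": "split.corp.example"},
    {"name": "unknown", "host": "missing.corp.example"},
]
SAMPLE_DNS = {
    "lake.corp.example": ["192.168.50.8"],
    "dw.vendor.example": ["203.0.113.40"],
    "split.corp.example": ["10.20.1.1", "198.51.100.7"],
}

def resolve(host, resolver=None):
    """Return the set of addresses for host; IP literals need no lookup."""
    try:
        return {ipaddress.ip_address(host)}
    except ValueError:
        pass
    if resolver is not None:  # offline mapping, used for the sample data
        return {ipaddress.ip_address(a) for a in resolver.get(host, [])}
    return {ipaddress.ip_address(i[4][0]) for i in socket.getaddrinfo(host, None)}

def audit_destinations(destinations, approved=APPROVED_CIDRS, resolver=None):
    """Return (name, host, reason) for each destination that violates the policy."""
    findings = []
    for dest in destinations:
        try:
            addrs = resolve(dest["host"], resolver)
        except OSError:  # DNS failure: treat as unresolved, never as approved
            addrs = set()
        if not addrs:
            findings.append((dest["name"], dest["host"], "unresolved"))
            continue
        # Every resolved address must be inside an approved range.
        outside = sorted(str(a) for a in addrs if not any(a in n for n in approved))
        if outside:
            findings.append((dest["name"], dest["host"], "outside: " + ", ".join(outside)))
    return findings

if __name__ == "__main__":
    for finding in audit_destinations(SAMPLE_DESTINATIONS, resolver=SAMPLE_DNS):
        print(finding)
```

This check only reports; DNS answers can change after the audit, so the egress rules on the Hybrid Agent hosts remain the enforcing control.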