Extend the existing IP allowlist / network restriction mechanism in Jedox Cloud to also cover OData, Logs, and SFTP endpoints so they are fully protected at network level and not publicly accessible.

In Jedox Cloud environments with Network Restrictions (IP allowlisting) enabled, all externally exposed service endpoints should consistently enforce the same network-level access controls.

Currently, certain endpoints (e.g., Web/UI and OLAP APIs) are protected by IP allowlisting, while others such as OData services, Logs APIs, and SFTP interfaces may remain publicly reachable and rely solely on authentication mechanisms (e.g., Basic Authentication, PAT, certificates). This creates an inconsistency in the security model and increases exposure in regulated or security-sensitive environments.

The proposed enhancement is to extend the existing Network Restriction / IP allowlist framework so that all externally accessible endpoints—including OData, Logs APIs, and SFTP—can be explicitly included in the same network-level restriction policy.

This would ensure:

• A consistent and predictable security model across all services

• Elimination of unintended public exposure of technical endpoints

• Improved compliance alignment for regulated industries

• Defense-in-depth by combining network-level controls with authentication

Ideally, administrators should be able to centrally manage and verify that all service endpoints are either covered by the global IP restriction policy or configurable individually within the same framework.