<< VIEW FULL RESOURCE LIBRARY

Restricting Access to Content by User in Tableau

April 12, 2018

Tableau

Four Methods to Secure & Filter Data By User

Good news: Tableau provides ways to restrict, or filter, what data appears in visualizations based on the audience. Bad news: the mechanisms in Tableau for restricting access to sensitive content are not obvious. And to make it more challenging, Tableau’s default is to make all the data in a report visible to everyone looking at it!

In this webinar recording learn the different ways for restricting access to content with Tableau. See step-by-step demos on how to control who sees what in your visualizations. The four methods covered are

  1. Using Tableau Server groups and a workbook filter (requires Tableau Server or Tableau Online)
  2. Using Tableau’s built-in user filters (requires Tableau Server or Tableau Online)
  3. Joining to a security table
  4. Using database security to restrict access

In this whitepaper, we provide step-by-step instructions for each of the four methods.

You may also be interested in these free Tableau resources

▼ TECHNOLOGIES COVERED

Tableau

▼ PRESENTER

Monica Van Loon
Tableau Consultant and Trainer
Senturus, Inc.

▼ PRESENTATION OUTLINE 1

  • Overview – types of security in Tableau
  • Four methods to implement data security in Tableau
    • Tableau’s built-in user filters
    • Tableau Server groups and a workbook filter
    • Join to a security table
    • Use database security
  • Method 1: Tableau’s built-in user filters
    • Navigate to the worksheet to which you want to apply a filter
    • Server > Create User Filter
    • Select the field you want to use for filtering (i.e. Region)
    • In the User Filter dialog box, type a name for the set of rules you are creating (i.e. Regional Managers)
    • In the list on the left, select User/Group
    • On the right, under Members for: select what you want the selected users to see
    • Do this for each Tableau Server/ Tableau Online user
  • Method 1: pros
    • Easy to implement, user-friendly
    • Build in feature of Tableau Server
    • No Tableau Server or DBA assistance required
  • Method 1: cons
    • Must be done for each worksheet or workbook: new worksheets may show unfiltered data
    • High maintenance: if user base changes, you need to update the filter and republish
    • Security can be tenuous: if users can download and edit workbook they can see ALL of the data
    • Requires Tableau Server or Tableau Online
  • Method 2: Tableau Server with a worksheet filter
    • Create groups on Tableau server (i.e. ‘Central’, ‘East’ etc..)
    • Connect to your data source
    • Create a calculated field
    • Publish the workbook to Tableau Server
    • Note: when publishing to Tableau Server, ensure web-editing and download is set to no
  • Method 2a: Tableau Server groups with a data source filter
    • Create groups on Tableau server (i.e. ‘Central’, ‘East’ etc..)
    • Connect to your data source
    • Create your calculated field
    • In the Data Source tab – add a data source filter using the calculated field and select ‘true’
    • Publish the data source – publishers can connect to the published data source and create dashboards with built-in security
    • Note: with a data source filter you can allow web edit
  • Method 2 and 2a: pros
    • Once Tableau Server groups are set up they can be used for multiple workbooks
    • Built-in feature of Tableau Server
    • No DBA assistance required
  • Method 2 and 2a: cons
    • Must be implemented for each worksheet, workbook or data source
    • Medium maintenance: groups must be maintained in Tableau Server as users are added deleted and move
    • Security can be tenuous: if users can download and edit workbook they can potentially see ALL of the data
    • New worksheets may show unfiltered data
    • Requires Tableau Server or Tableau Online
  • Method 3: join to a security table
    • Create a security table
    • Join data source to security table
    • Create a calculated field
    • Note: the security table needs to have a one to one mapping with data table or you may get duplicate rows
  • Option: create a published data source
  • Advantages of a published data source
    • Shared business-friendly semantic layer
    • Reusable
    • Single source of the truth
    • Secure with data source filter
    • Note: you need a 1 to 1 mapping to security table to avoid row duplication
  • Option: Use Subscriptions
    • Tableau Server Subscriptions are a great way to distribute content
    • Each subscribed user gets a user specific view with a thumbnail

▼ PRESENTATION OUTLINE 2

  • Method 4: use database security
    • Example: security embedded in a database view:
    • Create or replace view My_Employee_Details as select e.employee_id, e.first_name, e.last_name, e.salary, m.Last_name manager_name from HR.employees e, HR.employees m where e.manager_id = m.employee_id and upper(m.LAST_NAME) = user;
    • Note: there are many ways to accomplish this; the syntax is often database specific, for example: user is Oracle specific; in SQL Server it would be current_user or session_user or current_user
  • Method 4: pros
    • Security implemented in the database level can be shared by other reporting tools
    • Security information can be extracted from other sources (i.e. HR systems like Workday and built into a database view or materialized view)
    • Very flexible and hierarchies can be implemented (i.e. VP – Regional Manager – Department Manger …)
  • Method 4: cons
    • Must be set-up prior to publishing workbook
    • DBA assistance required
    • Medium maintenance: DBA need to maintain database ID’s that map to security
  • Secure your data – functionality matrix
  • Good – Tableau Server with user filters
  • Better – Tableau Server groups or a database security table
  • Best – A fully integrated, automated and shared data security model
  • Takeaways
    • Multiple ways to secure and restrict data shown in Tableau
    • Requirements, restrictions and maintenance vary by method
    • Many combinations and variations for each method
    • Contact Senturus if you need help