Home > Tableau Server > Tableau Server Permissions Best Practice

Tableau Server Permissions Best Practice

November 29th, 2012 Leave a comment Go to comments

If you have had to use Tableau Server in medium to large environments it’s likely you have had to deal with Tableau Server permissions . Initially I found it wasn’t the most logical way of assigning permissions, I had to do a lot of repetitive tasks.

The thing to keep in mind is that Tableau Server permissions work at each level and can require assigning at each level – i.e. view => workbook => project – but if you assign permissions from the workbook level or below, if the permissions differ for many workbooks/views in the project maintenance becomes increasingly time consuming.  I have found the most efficient way to assign permission is from the top down – i.e. project => workbook => view – and I’ll explain the reasons later in the article.

To add permissions to a project, workbook or view you need to select it and click Permissions. If you have admin rights then you’ll know Tableau well enough to figure that out.

Once you are in the Permissions area and have clicked Add/Edit Permissions then you can select your groups/users that you want to assign permissions, and this is where things start to get painful if you have many to add. Each group/user needs to be added 1 by 1, going back to the start and clicking Add/Edit Permissions for each new group/user you wish to add.

Another thing to note is that permissions also need to be assigned to the contents of the level you are assigning the permissions. If assigning Project level permissions these need to be ‘pushed down’ to also apply to the workbooks and views within the project. The same applies to Workbook level – the permissions need to be ‘pushed down’ to apply to the views within the workbook. To ‘push down’ the permissions there’s a link Assign Permissions to Contents which is alongside the Add/Edit Permissions link. Be careful though, this has a few consequences.

Consequence 1

If you don’t Assign Permissions to Contents they won’t be reflected in the objects below so your users will not be able to see what you think they are able to see. For example if you have assigned Project level and not Assigned Permissions to Contents the users won’t be able to see the views.

Consequence 2

When Assigning Permissions to Contents this overwrites the existing permissions on the contents and gives everything the same permissions to the top object. If you have a few workbooks with user/group permissions not set at project level but are attached to a workbook, for example, and you Assign Permissions to Contents from project level, all of the existing workbook permissions will be overwritten with the new project permissions.

Top down management of permissions is best

I’ve discovered it’s far quicker and easier to delete a user/group rather than add – which is why I recommend using a top down approach to assign permissions. If you assign all of the permissions at project level and Assign Permissions to Contents it is far quicker to select the workbooks and views you wish to remove the permissions and remove them by clicking the blue ‘x’ adjacent to the blue ‘edit’ at the right side of the Permissions area. To remove a permission it’s only 1 click per user/group vs the 4 or 5 required to add permissions per user/group. As you can imagine if you’re dealing with many users and many workbooks/views the 4-5 clicks per user quickly adds up.

On downloading a workbook from the server, editing and republishing you should find it keeps the workbook level permissions that it had on download. If you’re just republishing from a master copy held somewhere off the tableau server then check the default workbook level permissions when republishing. The workbook won’t automatically pick up the project level permissions on republish, these need to be assigned.

  1. No comments yet.
  1. No trackbacks yet.