Good news: Tableau provides ways to restrict, or filter, what data appears in visualizations based on the audience. Bad news: the mechanisms in Tableau for restricting access to sensitive content are not obvious. And to make it more challenging, Tableau’s default is to make all the data in a report visible to everyone looking at it!
In this on-demand webinar, learn the different ways for restricting access to content with Tableau. See step-by-step demos on how to control who sees what in your visualizations. The four methods covered are
- Using Tableau Server groups and a workbook filter (requires Tableau Server or Tableau Online)
- Using Tableau’s built-in user filters (requires Tableau Server or Tableau Online)
- Joining to a security table
- Using database security to restrict access
In this blog, we provide step-by-step instructions for each of the four methods.
You may also be interested in these free Tableau resources
- The Perks and Pitfalls of Tableau Server – webinar recording describing success strategies for expanding Tableau company wide
- Six Ways to Publish and Share Tableau Content – blog with details on how to distribute your Tableau content
Presenters
Monica Van Loon
Tableau Consultant and Trainer
Senturus, Inc.
Presentation outline
- Overview – types of security in Tableau
- Four methods to implement data security in Tableau
- Tableau’s built-in user filters
- Tableau Server groups and a workbook filter
- Join to a security table
- Use database security
- Method 1: Tableau’s built-in user filters
- Navigate to the worksheet to which you want to apply a filter
- Server > Create User Filter
- Select the field you want to use for filtering (i.e. Region)
- In the User Filter dialog box, type a name for the set of rules you are creating (i.e. Regional Managers)
- In the list on the left, select User/Group
- On the right, under Members for: select what you want the selected users to see
- Do this for each Tableau Server/ Tableau Online user
- Method 1: pros
- Easy to implement, user-friendly
- Build in feature of Tableau Server
- No Tableau Server or DBA assistance required
- Method 1: cons
- Must be done for each worksheet or workbook: new worksheets may show unfiltered data
- High maintenance: if user base changes, you need to update the filter and republish
- Security can be tenuous: if users can download and edit workbook they can see ALL of the data
- Requires Tableau Server or Tableau Online
- Method 2: Tableau Server with a worksheet filter
- Create groups on Tableau server (i.e. ‘Central’, ‘East’ etc..)
- Connect to your data source
- Create a calculated field
- Publish the workbook to Tableau Server
- Note: when publishing to Tableau Server, ensure web-editing and download is set to no
- Method 2a: Tableau Server groups with a data source filter
- Create groups on Tableau server (i.e. ‘Central’, ‘East’ etc..)
- Connect to your data source
- Create your calculated field
- In the Data Source tab – add a data source filter using the calculated field and select ‘true’
- Publish the data source – publishers can connect to the published data source and create dashboards with built-in security
- Note: with a data source filter you can allow web edit
- Method 2 and 2a: pros
- Once Tableau Server groups are set up they can be used for multiple workbooks
- Built-in feature of Tableau Server
- No DBA assistance required
- Method 2 and 2a: cons
- Must be implemented for each worksheet, workbook or data source
- Medium maintenance: groups must be maintained in Tableau Server as users are added deleted and move
- Security can be tenuous: if users can download and edit workbook they can potentially see ALL of the data
- New worksheets may show unfiltered data
- Requires Tableau Server or Tableau Online
- Method 3: join to a security table
- Create a security table
- Join data source to security table
- Create a calculated field
- Note: the security table needs to have a one to one mapping with data table or you may get duplicate rows
- Option: create a published data source
- Advantages of a published data source
- Shared business-friendly semantic layer
- Reusable
- Single source of the truth
- Secure with data source filter
- Note: you need a 1 to 1 mapping to security table to avoid row duplication
- Option: Use Subscriptions
- Tableau Server Subscriptions are a great way to distribute content
- Each subscribed user gets a user specific view with a thumbnail
-
- Method 4: use database security
- Example: security embedded in a database view:
- Create or replace view My_Employee_Details as select e.employee_id, e.first_name, e.last_name, e.salary, m.Last_name manager_name from HR.employees e, HR.employees m where e.manager_id = m.employee_id and upper(m.LAST_NAME) = user;
- Note: there are many ways to accomplish this; the syntax is often database specific, for example: user is Oracle specific; in SQL Server it would be current_user or session_user or current_user
- Method 4: pros
- Security implemented in the database level can be shared by other reporting tools
- Security information can be extracted from other sources (i.e. HR systems like Workday and built into a database view or materialized view)
- Very flexible and hierarchies can be implemented (i.e. VP – Regional Manager – Department Manger …)
- Method 4: cons
- Must be set-up prior to publishing workbook
- DBA assistance required
- Medium maintenance: DBA need to maintain database ID’s that map to security
- Secure your data – functionality matrix
- Good – Tableau Server with user filters
- Better – Tableau Server groups or a database security table
- Best – A fully integrated, automated and shared data security model
- Takeaways
- Multiple ways to secure and restrict data shown in Tableau
- Requirements, restrictions and maintenance vary by method
- Many combinations and variations for each method
- Contact Senturus if you need help
- Method 4: use database security
