Today businesses have so much data that they use. This is great as managers and analysts can see what’s happening within each department. However, the data may contain sensitive information that shouldn’t be accessible to everyone within the business. In most cases, there is a need for high-level of security and control over access to some information and reports. Data governance and security is made quick and easy with Tableau Server. I will breakdown how to use Tableau Server to grant and restrict permissions to people within the organization to see and interact with data sources and dashboards.
Let’s first look at Tableau Server and understand how it works. Once you log in you will have the option to pick a site. A Site is a collection of data sources, projects, and workbooks. For example, a company may have a Site for each department.
After accessing the Site window there is an overview page showing the Sites available listed under “Name”, the number of users on the Site, who is the Site Administrator, max users, and storage information. New Sites can be created at the left orange window and the main page, or existing ones can be edited by selecting and clicking on the three dots next to the Site.
The Content tab contains all saved projects, workbooks and data sources. Depending on the Users assigned role and permission the view on the content tab changes. Within the shown dummy project, you can see that I can change the permissions, change ownership, delete or rename the project. In addition to these options, workbooks can be downloaded or moved from one to another project.
Users are assigned roles. The role determines the maximum permissions allowed for the user. The roles are:
- Server Administrator is the user that has full access to all server and site functionality, all content on the server, and all users. This role is assigned to the person managing the server.
- Site Administrator role also manages things in the server but the role is different than the Server Administrator. This person manages everything on a Site level, such as data sources, projects, workbooks, and groups for the site. The Server Administrator manages the Site Administrators essentially giving them permission to manage the Site.
- Publisher, as the name suggests, this role allows users to publish content on the Server. The Publisher can view and interact with published workbooks and data sources. Publishers cannot manage users.
- Interactors can view and interact with publish content but cannot publish themselves.
- Viewers can see the published workbooks but cannot interact with them. They can see the workbooks in a static form like an image and cannot use filters and select anything.
- Unlicensed users cannot log into the server as they have no license to do so. They are usually imported in the server from a CSV file with all the employee names and may not require Server access. An unlicensed role can be assigned to employees that will be interacting with the Server content but the number of available licenses is reached at the time you add or import users.
As mentioned, users are assigner Roles and publish content is assigned Permissions for users. The Permission tab is divided in permissions for viewing, interacting and editing the content. The permission can be assigned to each user or each group of users (say a group of managers for a certain region). After the user or group is brought in, the permission can be selected from the second column named “Permissions” or a custom permission can be assigned by changing the default permission type. These are the default permission types:
- Editors have full right to interact and change the workbook and underlying data source.
- Interactors have some fewer rights than the editors. They can see the workbook and filter it, download the full data and use web edit. The difference is they cannot change the underlying data source.
- Viewers can see the workbooks and download it as pdf or image, download the summary data and see and write comments. They are denied access to the full data and they can’t use filters in the dashboard. This is an important feature that we may want to enable for the viewer. We can do this manually as explained below
- None can be selected if we have not decided to give this person any permissions yet. They still cannot view the content
- Denied users are specifically banned from seeing the content
The default permissions can be modified easily by manually selecting the green check marks as seen in the picture above. The permission name changes to custom.
Now rarely we will have only individual users who need to be assigned permissions on our content. Usually, we might want to authorize a whole department to see our work and doing this manually for every user is time-consuming. The solution is creating groups of users and assigning permissions to the whole group. This is a quick and easy way to manage users
This is a quick and easy way to manage users from the aspect of the Server Administrator as well. They are able to manage the server on a higher organizational level easily by utilizing user group.
That was my overview of managing content with Tableau Server. I hope the breakdown was easy to understand and will be useful!