Permissions on Tableau Server

by Molly Hatch

One important feature of Tableau Server are the permissions that can be applied to workbooks or projects. These permissions set boundaries on what a user can view or do with certain content and can be set at a user or group level. This blog will look at how to add permissions to projects.

How to add Permissions

When creating permissions for a project, click on the 3 dots to bring up the permissions dialogue window:

Permissions dialogue window:

This window will show the default permissions set for ‘All Users’ within the site as well as any additional permissions set in parent projects. 

Permissions are the rules you set to specify which capabilities are allowed or restricted for a user/group for certain content. These rules are specified when setting up a permission which is what we will go through below.

To add permissions to a project, select the ‘+Add user or group rule’ and select the group or user you would like to apply permissions to.

Here you can make permissions at multiple different levels (Project, Workbook, Data Sources) and customise the rules you would like to enforce. Click on the arrows to expand each window to see the capabilities specific for that type of content.

Once you have selected the user or group, you can set permissions by one of two ways:

  1. Select individual capabilities
  2. Select the drop down window where default rules are set based on the role type you choose. Each type of content has default permission roles that you can select:
  • None: sets all capabilities to unspecified
  • Denied: sets all capabilities to denied
  • Additional roles which change depending on the type of content.

You have 3 options when selecting permissions for a capability:

  • Green tick: Allowed – The user is allowed to perform this action
  • Red tick: Denied – The user is not allowed to perform this action
  • Blank: Unspecified 

In this example, we can see that for workbooks, the ‘Interactor’ role has been selected which allows all capabilities for Viewing and Interacting/Editing a workbook but doesn’t specify the rules for further Editing.

As I mentioned earlier, in each content window, selecting a role type will provide you with a default selection of capabilities allowed. However you can also create custom configurations. For example, if I wanted this user to have all the workflow permissions that come with an ‘Interactor’ role (as selected above) however I wanted to customise it so that the below conditions were met, I could create a custom configuration.

  • They cannot add comments
  • They cannot web edit
  • They can save
  • They can download workbook or save as

Permission Hierarchy

Within Tableau Server, content exists within projects therefore the level that you apply permissions is very important. When creating permissions at a project level, you can choose whether you want to apply the permission rules set for the project to all content within. You can do this by ‘Locking’ the rules to that project as per the below:

This will apply all the permissions you have set at a project level, to all the content within that project. However if you would like the option to change the permissions of content within each project, select the ‘Managed by Owner’ option.

You can find this option within the permissions configuration window:

Photo by Dan Gold, StockSnap