Show Table of Contents
When you share workbooks with others by publishing them to Tableau Server or Online, by default, all users who have access to the workbooks can see all of the data shown in the views. You can override this behavior by applying a type of filter that allows you to specify which data “rows” any given person signed in to the server can see in the view.
Suppose you created a quarterly sales report for a set of products over several years, in different geographic regions.
When you publish this report, you want to allow each regional manager to see only the data relevant to his or her region. Rather than creating a separate view for each manager, you can apply a user filter that restricts access to the data based on users’ characteristics, such as their role.
Restricting access to data in this way is referred to as row-level security (RLS). Tableau offers the following approaches to row-level security:
This method is convenient but high maintenance, and security can be tentative. It must be done per-workbook, and you must update the filter and republish as your user base changes.
Using this method, you create a calculated field that automates the process of mapping users to data values. This method requires that the underlying data include the security information you want to use for filtering.
The most common way to do this is to use a reference (or “look-up”) table that contains this information. For example, if you want to filter a view so that only managers can see it, the underlying data must include user names and specify each user’s role.
Because filtering is defined at the data level and automated by the calculated field, this method is more secure than mapping users to data values manually.
The two approaches in the previous section describe ways to add filters to data embedded in workbooks. If multiple workbooks connect to the same data, instead of wrangling filters on each workbook, you can filter the data source, and then connect the workbooks to the data source after you publish it.
Workbooks that connect to your filtered data source expose only the data the user signed in to the server is allowed to see. In addition, all connected workbooks show data refreshes as they occur.
The related topic describes how to publish a live connection with user filters. Publishing extracts with user filters has its own complications around row duplication and performance. These are not addressed here.
However, we can direct you a comprehensive discussion about row level security with extracts, on a blog maintained by a Tableau Sales Consultant who has extensive experience with this area. See the following two posts:
Part 2 contains what our Sales Consultant refers to as the “scalable” approach. This is described in the Advanced Solutions section of Part 2.
Disclaimer: Clicking these links will take you away from Tableau.com. Although we make every effort to ensure links to external websites are accurate and relevant, Tableau cannot take responsibility or provide support for the external content.
For further help with publishing extracts with user filters, we recommend that you work with the Tableau Professional Services team.
Data Security in the Tableau Server Help