Content Access and Ownership
In Tableau Server, you set content permissions to specify who is allowed to work with which content resources on a particular site.
For example, you can tightly restrict who has access to your company’s financial information, but widely share organizational development content.
Content resources on which you will generally assign permissions include the following:
Views in a workbook inherit permissions from the workbook, although you might have an edge case for which you want to set permissions for a single view.
What makes up a user’s permissions
When Tableau determines which tasks (or capabilities) a user is allowed to perform on a content resource, it takes the following pieces into account:
Site roles: At the time that you add users to a site, you must apply a site role to them. This is the only setting that you apply to users (as opposed to content) to affect permissions. The site role determines whether the user can publish, interact with, or only view published content on that site. See Set Users’ Site Roles.
Permission rules and templates: You assign content access through permission rules. These rules describe the capabilities that you want a user or group to be able to perform on a set of content. Examples of capabilities include editing a view or connecting to a data source. Tableau provides a set of templates for common permission roles, such as Editor, Project Leader, and so on.
Content ownership: By default, the person who publishes a data source or workbook to the server is the owner of that content. Ownership changes when another publisher updates the content on the server, or republishes it from Tableau Desktop. An administrator or project leader can change ownership or set defaults for the project.
User permissions: are the effective permissions that are the result of evaluating rules and settings, and which ultimately determine what a user can do with the content.
Who can set permissions
Users can have the Set Permissions capability. By default, these are:
- Administrators, for all content on the site.
- Project leaders, for all content in the project.
- Content owners, generally publishers for content they publish.
Default permissions and projects
The permissions assigned to an item of content when it is published are its default permissions. Administrators and users with the Project Leader capability can set these defaults at the project level, and can also lock those defaults to the project.
New projects inherit permissions for the project and its workbooks and data sources from the site’s Default project.
New workbooks and data sources get the default permissions set on their project.
When permissions are not locked at the project, its workbook and data source permissions can be modified.
Views inherit permissions from the workbook. When content permissions are not locked, and the views are not shown as tabs in the workbook, you can edit individual view permissions to differ from the defaults. You cannot modify views shown as tabs.
If you are new to the Tableau permissions model, see Projects and Content Permissions for a walkthrough that uses a best practice approach to setting up permissions.