Quick Start: Permissions
Tableau Server on Windows now includes Tableau Services Manager (TSM), which replaces the Configuration Utility and the command line tool. If you need help for an earlier version of Tableau Server, see the Tableau Help page.
You can use permission rules to control access to content on a site. A permission rule is a set capabilities that defines the level of access a group or user has on a content item. Content items are projects you create, and the workbooks and data sources published to them.
The most efficient way to manage permissions is to create permission rules for groups, and assign the permissions at the project level.
1 Add users to groups
Create groups for users based on who should have the same permissions, and then add users to those groups. Within a site, select Groups. Select a group name, and then select Add Users.
2 Select a project
On the Content page for a site, navigate to the Projects page. On the Actions menu, select Permissions to view the permission rules for the project. By default, only an All Users group is defined, with pre-defined permissions roles applied to the group.
The image below shows an All Users group that was modified to remove those pre-defined permissions, in preparation for creating new groups for your own environment.
3 Create a Permission Rule
Click Add a user or group rule, select Group, and then find and select the group.
Select a permission role template to apply an initial set of capabilities for the group. Click a capability to set it to Allowed or Denied, or leave it Unspecified. Click Save when you are done.
4 View User Permissions
After you save the permission rule for the group, you can view the effective permissions for that content.
Click a group name to see the group's users and their permissions. Hover over a capability box to see a tooltip with details on whether a capability is allowed or denied.
A user’s site role determines the maximum permissions allowed for that user.
Server and site administrators can access all site content with full permissions.
Owners always get full access to the content they've published, but can change permissions for their workbooks and data sources only when the parent project permissions are not locked.
For more information, see Set Users’ Site Roles.
Denied takes precedence over Allowed.
Unspecified results in Denied if no other permissions are specified.
Specific user permissions on content take precedence over group permissions on content. In other words, user permissions trump group permissions.
For a couple of best-practice steps for how to implement permissions, see the following:
Projects and Content Permissions (links to Everybody’s Admin Guide)