Was this page helpful?
Yes No
Tableau Help > Tableau Server on Windows Help > 

Tableau Server on Windows now includes Tableau Services Manager (TSM), which replaces the Configuration Utility and the command line tool. If you need help for an earlier version of Tableau Server, see the Tableau Help page.

Quick Start: Permissions

You can use permission rules to control access to content on a site. A permission rule is a set capabilities that defines the level of access a group or user has on a content item. Content items are projects you create, and the workbooks and data sources published to them.

The most efficient way to manage permissions is to create permission rules for groups, and assign the permissions at the project level.

1 Add users to groups

Create groups for users based on who should have the same permissions, and then add users to those groups. Within a site, select Groups. Select a group name, and then select Add Users.

2 Select a project

On the Content page for a site, navigate to the Projects page. On the Actions menu, select Permissions to view the permission rules for the project. By default, only an All Users group is defined, with pre-defined permissions roles applied to the group.

The image below shows an All Users group that was modified to remove those pre-defined permissions, in preparation for creating new groups for your own environment.

3 Create a Permission Rule

Click Add a user or group rule, select Group, and then find and select the group.

Select a permission role template to apply an initial set of capabilities for the group. Click a capability to set it to Allowed or Denied, or leave it Unspecified. Click Save when you are done.

Whether a user can set permissions is based on their site role and how their Set Permissions capability is set.

4 View User Permissions

After you save the permission rule for the group, you can view the effective permissions for that content.

Click a group name to see the group's users and their permissions. Hover over a capability box to see a tooltip with details on whether a capability is allowed or denied.

Custom indicates a user's capabilities have been changed from the initial settings for their site role or content role.

Site roles

A user’s site role determines the maximum permissions allowed for that user.

  • Server and site administrators can access all site content with full permissions.

  • Owners always get full access to the content they've published, but can change permissions for their workbooks and data sources only when the parent project permissions are not locked.

For more information, see Set Users’ Site Roles.

Permissions evaluation

  • Denied takes precedence over Allowed.

  • Unspecified results in Denied if no other permissions are specified.

  • Specific user permissions on content take precedence over group permissions on content. In other words, user permissions trump group permissions.

For a couple of best-practice steps for how to implement permissions, see the following: