Was this page helpful?
Yes No
Tableau Help > Tableau Server for Windows Help > 

Quick Start: Permissions

You can use permission rules to control access to specific content on a site. Every user has a set of allowed capabilities based on their site role. Each content type—projects, workbooks, views, and data sources—can have permission rules assigned to groups or to specific users. The easiest and most efficient way to manage permissions is to create permission rules for groups.

1 Add Users to Groups

Within a site, click Groups. Create groups for users who should have the same permissions, and then add the users to these groups. Click a group name, and then click Add Users to select the users to be included in the group.

2 Select the Content

On the Content page for a site, click Workbooks, Views, Projects, or Data Sources. Select an item in the page. Select Actions > Permissions to view the permission rules for that content.

A permission rule is a set of capabilities (such as the ability to edit a view) that are allowed or denied to a user or group of users. Available capabilities vary depending on the type of content selected.

3 Create a Permission Rule

Click Add a user or group rule, select Group, enter search text , and then select a name from the list. Select a permission role template to apply an initial set of capabilities for the group. Click a capability to set it to Allowed or Denied, or leave it Unspecified. Click Save when you are done.

Whether a user can set permissions is based on their site role and how their Set Permissions capability is set.

4View User Permissions

After you save the permission rule for the group, you can view the effective permissions for that content.

Click a group name to see the group's users and their permissions. Hover over a capability box to see a tooltip with details on whether a capability is allowed or denied.

Custom indicates a user's capabilities have been changed from the initial settings for their site role or content role.

Site roles

A user's site role determines the maximum permissions allowed for that user.

  • Server and site administrators can access all site content with full permissions.

  • Owners always get full access to the content they've published, but can only change permissions for their workbooks and data sources when the parent project permissions are not locked.

For more information, see Set Users’ Site Roles.

Permissions evaluation

  • Denied takes precedence over Allowed.

  • Unspecified results in Denied if no other permissions are specified.

  • Specific user permissions on content take precedence over group permissions on content. In other words, user permissions trump group permissions.

For a best-practice walkthrough on how to implement permissions, see Projects and Content Permissions.