Row Level Security

Overview

Use Case: You have all of your data stored in one data source or one workbook, but you do not want to give everyone in your organization (or outside, if dealing with clients) access to all the data.

Use Case: You have all of your data stored in one data source or one workbook, but you do not want to give everyone in your organization (or outside, if dealing with clients) access to all the data.

Two ways to accomplish filter creation:

Manual: You can manually create user filters that define the specific data each user can access. • Benefits: convenient and does not require additional information • Drawbacks: not automated, must be updated whenever users change, and hard to scale

Automatic: You can create a calculated field that automatically defines whether a user can access the data. • Benefits: You do not need to manually manage user access to the row level data. As new users are added, the filter will automatically update and using a calculated field for row level security can increase performance as the number of users grows on Tableau Server • Drawbacks: Requires that you already have row-level security information in your underlying data source (or ability to blend information in)

This is typically accomplished by bringing another table that defines the users and what dimensions they should have access to (for example, by region)

*If the table is joined - you can create a calculated field utilizing the user() functions. You can apply this filter to a particular workbook or to the data source itself. *If data is blended – you can create a calculated field utilizing the user() functions, but cannot be Boolean in nature. You can only apply this filter to a particular workbook. This does not work on the data source itself because the filter references another data source in the calculated field.

User Filtering (Workbooks) – apply filters on workbooks in desktop • End Users consuming workbooks on server should not be able to see full visualizations o Remember you must not allow these users editing privileges or they can remove the user filter from the filter shelf

Row Level Security (Data Sources) – apply filters on the data source in desktop • End users that are building visualizations or need to be able to edit view in server o If allowing user to build visualizations in desktop, make sure the data source is saved to the data server and do not permission the original to be available to download

Challeneg

Challenge 1: Create a manual filter so that each user can only see one region each (assign different regions to each user). Apply this filter to the workbook first, and then to the data source. What specific permissions do you need to deny in the workbook scenario to make sure they only see their specific view? How about in the data source scenario?

Challenge 2: Using Joins: Create an automatic filter so each manager can only see their region specified in the users table. Apply this filter to the workbook first, and then to the data source. What are the main differences between this method and the manual method?

Challenge 3: Using Data Blending: Do the same thing as challenge 2 but blend in the user table instead of joining it. In this scenario, you won’t be able to apply this automatic filter to the data source. Why? What other differences do you notice?