Tableau Server Permissions
Tableau terminology
Folder navigation
- Project: contains Tableau content produced by a department; similar to a folder
- projects consist of workbooks (.twb or .twbx files), views, and data sources
- projects are flat (no subprojects or folders within a folder)
- Workbook: Tableau workbook (.twb or .twbx file), resides inside a project
- View: tab within a Tableau workbook
- Data Source: files or database tables, or combination of the two, used to create a workbook
User roles
- Server Administrator: IS&T staff who administer the entire Tableau Server installation.
- Site Administrator: administers permissions and content in a site
- Project Leader: administers permissions in a project, can create or delete content within a project
- Publisher: produces content; can publish, and update or delete workbooks they own; needs permission to delete workbooks owned by other users
- Interactor: consumes contents, can filter, sort or download
- Viewer: views content, but cannot filter, sort, or otherwise interact with the view
Permission scope
(adapted from Tableau Server online help)
- Site role: A user's site role determines whether a user can publish, interact with, or only view content and the different levels of permissions allowed for a user. By default all users are assigned the Publisher site role, so if they have Publisher permission within a project, they will be able to create content in that project.
- Content permissions: Every project, workbook, view, or data source can have a unique set of permission rules. Permissions at the content level are more granular.
- Recommendations:
- Permissions should be set using Groups (Moira lists) instead of at the User level
- “Deny” permissions take precedence over “Allow” permissions if a User is part of multiple Groups
- Permissions on lower-level objects (such as Workbooks) override permissions on higher-level objects (such as Projects)
- See the following pages for more information:
- Recommendations: