In an earlier post I demonstrated some options on implementing row level security in Tableau.
When using a data extract, where permissions can be more challenging within Tableau (connecting live means you can implement your permissions in the underlying database, which is far cleaner and simpler), another way to manage permissions is to use the Tableau Server groups and ISMEMBEROF function. This can be used at a row level, as demonstrated below, and server groups can also be used with Tableau Project level permissions.
This is very useful for role based permissions, those roles and member of each role can be brought into Tableau Server.
For example you could group your users based on a role, such as ‘Sales’ or ‘Customer Service’. Perhaps within your data you have some records that Sales are allowed to see and some records Sales aren’t allowed to see. Within the data you can add a simple boolean field stating whether Sales are allowed to see the record or not, with 1 being they can and 0 being they can’t. We’ll call this field ‘SalesCanView’.
In Tableau create a calculated field to be a filter using the IsMemberOf to bring the role based/Tableau Server group based permissions to life. A formula such as follows can be used:
IF ISMEMBEROF(“Sales”) AND [SalesCanView] = 1 THEN ‘TRUE’ ELSEIF ISMEMBEROF(“Customer Service”) THEN ‘TRUE’ ELSE ‘FALSE’ END
Drag this field into the Filters area and set the value to TRUE.
In plain English this formula says if the user logged into Tableau Server is a member of the Sales permissions group and the data field SalesCanView contains a 1 then the user can view the record. Also if the user is a member of the Customer Service group they can view the record. All other users can’t view the record.
Permissions are a challenge within Tableau, generally a combination of techniques both within the data and within Tableau Server would be used to come up with an effective model.