In an earlier post I demonstrated some options on implementing row level security in Tableau. Another way to manage permissions is to use the Tableau Server groups and ISMEMBEROF function.
ISMEMBEROF works well alongside the row level permissions, as demonstrated below. Server groups can also be used to assign Tableau Project permissions.
This is very useful for role based permissions. Create a Tableau group for each role. In Tableau Server add the users to the relevant group. Synchronise with Active Directory (AD) groups for further automation and less maintenance. This would automatically add and remove users from groups as people move, come and go from an organisation.
For example you could have groups based on a user role, such as ‘Sales’ or ‘Customer Service’. Perhaps within the data there are some records Sales can see and other records Sales can’t see. Within the data use a simple boolean field showing whether Sales are allowed to see the record. True means they can see the field and False they can’t. We’ll call this field ‘SalesCanView’.
In Tableau create a calculated field using the ISMEMBEROF and the Tableau groups. This field is for filtering, to apply the permissions. A formula such as follows works:
IF ISMEMBEROF(“Sales”) AND [SalesCanView] THEN ‘True’ ELSEIF ISMEMBEROF(“Customer Service”) THEN ‘True’ ELSE ‘False’ END
Drag this field into the Filters area and set the value to True.
In plain English this formula says:
- if the user is a member of the Sales permissions group and the data field SalesCanView is True the user can view the record
- if the user is a member of the Customer Service group they can view the record
- all other users can’t view the record.
Permissions are a challenge within Tableau. In general a combination of row level permisssions and group based permissions are enough for an effective model.