Looking for an Expert Development Team? Take two weeks Trial! Try Now

How To Implement Best Possible Row Level Security With Tableau?

banner

Problem(s)

Companies are responsible for the safety and confidentiality of their client data and employee information. Data security is essential for every enterprise, irrespective of its size. Usage of data has increased business profitability and efficiency. At the same time, we should ensure 'who should see what’.

It’s not all about how people see and understand their data but customers should have confidence in the security of solutions. The idea is to continually earn the customers' trust by applying industry-standard security solutions and best practices.

Situations

While publishing workbooks there can be two types of security that you might be interested in:

  • Who can access my workbook? (Permissions) eg: Both Central & West region users should have access to the workbook
  • What should be accessed by a user from the total data set? (Row Level Security) eg: Central region users should see Central region data whereas West region users should see West region data
  • Although less common we do have Column Level Security as well where security is set at Column Level

Permissions

Permissions set capabilities at workbooks and data sources. It is responsible for providing or denying access to a userPermissions are set in the Permissions dialogue box. At the top, permission rules configure capabilities for groups or users as allowed, denied, or unspecified.

Permissions set capabilities

Below, the permissions grid displays the effective permissions for users.

Row Level Security

Row Level Security is User-Level Automatic Data Filtering. When a user views a Workbook or Data Source in tableau financial services, Desktop or Server, they only see the rows of data they are supposed to. This is different from Permissions, which empowers the user to view a Workbook or Data Source.

Users having access to the workbooks can see all of the data shown in the views. We might not like it, for example, Central & West regions users can access data of both the locations. We need a special filter that allows you to specify which data “rows” any given user signed in to the server can see in the view.

Solutions - Using Create User Filter of Tableau Server

Let us try to explain the same with a simple example. Both C and W are the users who have access to the below workbook, hence both can see it.

But, C is a member of the Central & W is a member of the West Region

User Level Security1

So, when C login he/she should see only Central Region data (see below image)

User Level Security2

How to achieve? Final Steps

Step 1-Go to Server > Create User Filter > Region

Regional Manager is Created

User Level Filter 'Regional Manager' is Created and can be seen under the section Sets, this filter is of Type Context acting as 'Master Filter' (Other filters at sheet level will act on it)

Context Filter: You can set a context filter to include only the data of interest, for example only Central Region data should be filtered first whenever a Central User is logged in

Sets: Technically it is a Set where we have defined a group of users under each region

set
set

Note: While publishing the workbook we should set deny to below capabilities

Central Region

Let the user C of Central Region login now & here we go :)

Central Region login

Conclusion:

This is an easy way to set User Level Filter assisted by Tableau Server where we have predefined fields at the data source (Region here) which can be assigned to AD Group users directly.

There are other scenarios where we shall discuss hybrid use of Live Connection and Extracts, and data suppression techniques using calculated fields to ensure data is dynamically hidden, or masked as necessary for personally identifiable information. Stay Tuned!

Read More:

DMCA Logo do not copy