Companies are responsible for the safety and confidentiality of their client data and employee information. Data security is essential for every enterprise, irrespective of its size. Usage of data has increased business profitability and efficiency. At the same time, we should ensure 'who should see what’.
It’s not all about how people see and understand their data but customers should have confidence in the security of solutions. The idea is to continually earn the customers' trust by applying industry-standard security solutions and best practices.
While publishing workbooks there can be two types of security that you might be interested in:
- Who can access my workbook? (Permissions) eg: Both Central & West region users should have access to the workbook
- What should be accessed by a user from the total data set? (Row Level Security) eg: Central region users should see Central region data whereas West region users should see West region data
- Although less common we do have Column Level Security as well where security is set at Column Level
Permissions set capabilities at workbooks and data sources. It is responsible for providing or denying access to a userPermissions are set in the Permissions dialogue box. At the top, permission rules configure capabilities for groups or users as allowed, denied, or unspecified.
Below, the permissions grid displays the effective permissions for users.
Row Level Security
Row Level Security is User-Level Automatic Data Filtering. When a user views a Workbook or Data Source in tableau financial services, Desktop or Server, they only see the rows of data they are supposed to. This is different from Permissions, which empowers the user to view a Workbook or Data Source.
Users having access to the workbooks can see all of the data shown in the views. We might not like it, for example, Central & West regions users can access data of both the locations. We need a special filter that allows you to specify which data “rows” any given user signed in to the server can see in the view.
Solutions - Using Create User Filter of Tableau Server
Let us try to explain the same with a simple example. Both C and W are the users who have access to the below workbook, hence both can see it.
But, C is a member of the Central & W is a member of the West Region
So, when C login he/she should see only Central Region data (see below image)
How to achieve? Final Steps
Step 1-Go to Server > Create User Filter > Region
User Level Filter 'Regional Manager' is Created and can be seen under the section Sets, this filter is of Type Context acting as 'Master Filter' (Other filters at sheet level will act on it)
Context Filter: You can set a context filter to include only the data of interest, for example only Central Region data should be filtered first whenever a Central User is logged in
Sets: Technically it is a Set where we have defined a group of users under each region
Note: While publishing the workbook we should set deny to below capabilities
Let the user C of Central Region login now & here we go :)
This is an easy way to set User Level Filter assisted by Tableau Server where we have predefined fields at the data source (Region here) which can be assigned to AD Group users directly.
There are other scenarios where we shall discuss hybrid use of Live Connection and Extracts, and data suppression techniques using calculated fields to ensure data is dynamically hidden, or masked as necessary for personally identifiable information. Stay Tuned!