Skip to main content
Skip table of contents

Tableau Project Permissions

Overview of Basic Tableau Permissions

Each Tableau report consists of Data Source(s) that supply the basic data and the Workbook that holds the report in one or more tabs.

Tableau permissions must be granted for both the Data Source(s) and the Workbook (which is held in a Project folder).

User Groups are granted these permissions.

Permission Level

What it is

Notes

Workbooks in a Project

The project’s permissions apply to all workbooks (reports) in a project 

Recommended as simplest to maintain

Individual workbooks

Each workbook (and/or each view) can have different permissions

For advanced users - otherwise not recommended

Data Source

Only explicitly-permitted users can see the data supplied by each Data Source

Data Sources are in the <ClientName> Project

Row Level

Security

Additional data permission filtering, created within the data source, to limit the logged-in users to certain records..

Optional. Typically for Salesreps and their managers to see only their own sales.

Locked to Project

For simplicity, most projects should be Locked. This forces every workbook within it to conform to the Project’s permission setup.

A user publishing a new report does not need to contend with permission issues beyond publishing it to the appropriate Project.

image-20250319-161057.png
image-20250319-164842.png
image-20250319-164959.png

Exceptions (not locked to project)

ClientName (holds data sources)

The project with the client name (that holds the data sources) needs to be kept Customizable, to allow each data source to be separately permissioned.

Not Implemented (as parent project)

The WIP project holds subprojects that will be individually Locked and permissioned.

Later, the whole subproject may be moved out to be a Top-Level project, or may have selected workbooks copied into other projects.

Default (not used)

The Default project settings are the default for any new projects. Except that if set as Locked To Project, the Locked status does not carry over to the new project.

User Groups

 

image-20250319-165133.png

Apply Groups to Individual Data Sources

image-20250319-165401.png

All data sources should be

  • All Users group - removed

  • All Access group - View rights

  • XX Allow group - View rights

  • GL DENY group - Denied rights (GL only)

Site Admins will still retain full rights because of their role.

Row Level Security

Row Level Security can exclude even Admin users from viewing the Data Source’s data.

_ Analytics Project as All Users

Leave the _ Analytics project as All Users with Publish access.

Project Permissions by User Group

Permissions for each Project that contains reports

Why

Giving (or not giving) users permissions for the data sources is basically adequate, though potentially they would still be able to see some information in a workbook’s thumbnail even if their lack of permission for that data source did not allow them to read the full reports.

Allowing users access to selected projects declutters their display.

Projects tab

 

image-20250319-170119.png
  • All Users group - removed

  • All Access group - Publish rights

  • XX Allow group - Publish rights

  • GL DENY group - Denied rights (GL only)

  • DS Cloud can be ignored. It is DataSelf’s user used to create the Tableau site and does not affect the end users' rights

(Individual user's Role will later limit who can publish.)

Workbooks tab

image-20250319-170152.png

 

 

 

 

Tableau Permission Help Page

https://help.tableau.com/current/server/en-us/permissions.htm#set-permissions

 

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.