Skip navigation

Enable Kerberos Delegation for Oracle

score 13
You have not voted. Active

What's the big idea?

Add Run As User delegation for Oracle data sources from Tableau server.

 

What problem are you trying to solve or what scenario would this idea solve?

We have a wide range of users that have individually varied permissions controlled on source Oracle systems. This often related to highly sensitive data where we have compliance constraints (like HIPAA). The users have individual accounts on the oracle systems, which facilitates audit logging of sensitive data access.

 

What workaround have you found and used so far (if any)?

Currently, we have to manually add users to each tableau report that has sensitive data and the reports have to use extracts or service accounts to retrieve the data. This breaks audit logging and could potentially allow users to continue accessing sensitive data after their access expires (sensitive access is often on a project basis). It's clunky at best.

 

What is your role in your organization?

I'm the data architect. I bring together data and tools to make them accessible and easily usable for our subject experts and researchers. We have ~90 Tableau Desktop users and several hundred active report consumers.

 

What is your operating environment?

We have a single tableau server which connects to several oracle and sql server databases. The tableau server and the databases that carry sensitive data use kerberos authentication from our active directory server. It is single realm.

 

The main browser used by our users is IE 11 (... ).

 

 

Comments