Skip navigation

AD attribute read for datasource authentication

score 6
You have not voted. Active

Within Tableau one can either create a datasource by specifying "Username and Password" or by selecting "Integrated Authentication". In an enterprise environment, one would like to use the latter in order to re-use a datasource, when being published to Tableau Server.

Unfortunately, this implies, that the Windows username (accessing Tableau by AD auth) and the username for the datasource to be identical. In case, one cannot fullfil this request (as both usernames differ), the ony option, to use the particular datasource, is to specify a dedicated username including the password. The tradeoff with this approach is, that one cannot identify the accessing user within the datasouce/database/system. Consequently, any userbased filtering cannot be applied within the source-system but has to be reimplemented somehow else.

My idea is to provide an option for "Integrated Authentication" to read an additional Attribute from an Active Drectory Service, that is then used as username for accessing the datasource. This is intended to happen, when server-side-trust between Tableau Server and the Database/Sourcesystem is established.

Furthermore, it would be very comfortable, to enable the possibility to switch the Connection mode for any datasource in Tableau Server between "Username and Password" and "Integrated Authentication" also enabling the mentioned optipon from above.