Could you elaborate on what you mean by 'double hop'? Tableau Server should be able to pass your credentials to SQL Server, the exact method would depend on the authentication method you choose.
What is the issue?
I have a Tableau Report setup to run against a SQL Server. When I run it locally on my Tableau Desktop, I have no issue accessing the database. However, when I deployed the report to the server and tried to run the report from the server I get Login Failed for the Server. (Login failed for user 'Network\ServerName$).
Once we saw that error, we added a Service account to the Tableau Server.
On the Tableau Admin site -> under the Security Tab -> On the Run as Service Account tab:
The Run as Service Account is set to User Account. The account I am using is a service account.
I tried to run the report again from the server. Now I get the same error as above. However, instead of telling me login failed for the Server, it is telling me login failed for the service account.
So I granted the service account read only access to the database.
I ran the report again and this time worked.
Additional Piece of Info:
The Tableau Server is running on a Windows Box. We do use Active Directory for security at a network level. I am planning on using AD as security at the database level.
The tableau server is not on the same server as the sql database.
1) We are planning on doing row level security in the database. If the Tableau Server is passing in the Service Account from Tableau, how am I suppose to know who is running the report at the database level?
2) To pass the network login account, should I move the Tableau Server to the same Server as SQL?
1) To change the Authentication Mode from user and Password to Kerberos. But I am getting confused with the KeyTab file. I read somewhere that since I am on a Windows machine with AD, then I shouldn't need a keytab file since AD should handle that. But Tableau Server is looking for one. So what keyTab file should be uploaded? I am developer and not a system admin. Where do I get the keyTab file from AD?
2) I also was reading on SQL Impersonation. I don't think I want to go down this path either since all of this is setup on the report level. I want to control the access between the Tableau Server and SQL Database. The person writing a report should not care who about security.
Hope this clears things up? It could make it worse!! Any help would be greatly appreciated.
That helps immensely! I would start by reading this page, if you haven't already, which covers the different types of authentication available for data connections on Tableau Server:
Once you've identified the method that you would like to use, if you have issues setting it up, Tableau Technical Support can assist you with getting it up and running. You can open a case via the Customer Portal or tableau.com/support/requests
Hope that helps!