7 Replies Latest reply on Oct 24, 2019 5:59 AM by Michael Gillespie

    Public Tableau access from within an Organization.

    dcurban man

      Hello All,

       

      New guy here. I have a question about access to Public Tableau from Tableau Desktop. Is it possible to disable it?

      Hypothetically, someone could easily publish your organization data to Tableau Public.

       

      We have a lot a security measure in place, like no uploads via web, no email attachments outside of organization, no usb drive access on laptop, no gmail access, or any public email access, no public upload access..... I mean, think of anything stupid (or smart) someone could try, I think there is a security measures in place to avoid a fiasco (for the most part).

      I mean sure, some of it is a security theatre, but that's besides the point.

       

      I read about ettiquette to ask a question properly and one advice is to attach a sample workbook. If I wanted to attach a sample workbook here to ask a question, I won't be able to.  But guess what, if I want, I can publish to Tableau public!

       

      This is me being curious. Someone above my pay grade should be asking this question!

       

      Dan

        • 1. Re: Public Tableau access from within an Organization.
          dcurban man

          I found this one thread...

           

          Remove permissions to publish to tableau public...

           

          A argument is made about Dropbox or drive ..... But that locked for us.

           

          Don't tell me you can take a picture. Yes you can. By the rules, even that is not allowed.

          1 of 1 people found this helpful
          • 2. Re: Public Tableau access from within an Organization.
            Ciara Brennan

            Hi Dan

            One option would be to anonymize your workbook, so no company confidential figures are shared but you can get assistance on the step you're stuck on.

            Anonymize your Tableau Package Data for Sharing

             

            Also, re. people finding your vizzes out on Tableau Public, the FAQs are worth a look through...

            Tableau Public Frequently Asked Questions

            Can I prevent people from finding the visualizations I've saved to Tableau Public?

            Tableau Public is meant as a platform for sharing data visualizations on the web. You do have the opportunity to set a viz to hidden on your profile - that means visitors to your profile page can’t see the viz among the thumbnails. This can be handy, for instance, when saving a draft of your work in progress.

            However, please note that anyone who knows (or stumbles across) the URL for the viz, can see it, so be sure not to use this service for data that is not meant for sharing.  (On the positive side, this means you can send people a link to a hidden viz.)

             

             

            Hope this helps

            Ciara

            [Program Manager | Tableau Community Forums]

            1 of 1 people found this helpful
            • 3. Re: Public Tableau access from within an Organization.
              dcurban man

              Ciara Brennan Who doesn't like a good pivot? It a good thing with data though!  Not on the kind of security concern I'm trying to raise!

              Sincerely though, the point of my question is not, how do I ask for help or how do I prevent people from finding visualization I've saved to Tableau Public. I'm definitely not naive enough to save company information on a public website.

               

              The point of the question is here I have a tool that literally bypasses, or allows me to bypass any and all security measure in place to prevent intentional/non-intentional sharing of data from an organizations network.

               

              And please don't' give me example of google, yahoo, dropbox..... those entire domains are blocked on our network.  Any website that even sounds like it allows data sharing, it's blocked. Anything that allows remote connections, blocked. Every executable that runs on every machine in the entire organization has a digital signature.  If you were to download an executable from the internet, you simply won't be able to run it, irregardless of the fact whether it required admin access or not.  Any program whether it's freeware or licensed software, it has to be installed from via a company wide software center.

               

              Oh and for a moment, just for a moment, lets say we block public.tableau.com! That's doesn't solve the problem.  Do you know why?  If there exists a Tableau server that presents a valid SSL certificate and to which you have credentials Tableau desktop will happily transmit data to it!  Because data transfer happens over https (port 443) which is open for internet traffic.

               

              I simply am not ready to believe that you can't turn this functionality off!

              • 4. Re: Public Tableau access from within an Organization.
                Ciara Brennan

                cc'ing Scott Teal and Jonni Walker in case they would like to chime in with further inputs

                • 5. Re: Public Tableau access from within an Organization.
                  Michael Gillespie

                  I guess I don't understand what you're asking.  Your initial question was "can I turn off access to Tableau Public from Tableau Desktop?".  You yourself found a link to do that.  So what is it that you are now asking?

                  • 6. Re: Public Tableau access from within an Organization.
                    dcurban man

                    Michael Gillespie What link did I find with a solution? Are you referring to this? Remove permissions to publish to tableau public...

                    Did you read the link?

                     

                    There is no solution there. Yes, the person who replied say maybe there could be a sophisticated firewall rule. Sure, I'd be happy with that.  Someone, anyone, enlighten me with the sophisticated firewall rule because as I mentioned earlier, the communication happens over port 80/443. Those two (I'm sure there are a few more, which I am not going to say) are literally our only ports open because the entire (almost entire, if you are going to go all technical on me) Internet traffic relies on them.

                    Even if I blocked the entire Tableau.com domain (or anything domain with the word tableau in it by a simple regex) the problem DOESN'T go away.

                     

                    Your initial question was "can I turn off access to Tableau Public from Tableau Desktop?".

                    My questions still stands.  Infact, it's much bigger than that now because since my initial question I have found that it's not just a problem with Tableau Public. Anyone up to mischief can simply download Tableau server on their laptop, use something like letsencrypt to get a valid SSL and voila! Tableau desktop will happily transfer away data!

                     

                    I hope it's clear enough as to what I am asking.

                     

                    Dan

                    • 7. Re: Public Tableau access from within an Organization.
                      Michael Gillespie

                      Well, clearer anyway.  The usual approach in a highly secure environment is to whitelist acceptable sites via the firewall, and block everything else by default.  That may or may not be what is happening at your organization - I would have no way of knowing.

                       

                      And I apologize, I thought that link had a reference to a registry hack I thought I remembered.  Still looking for that, but I do recall something that allowed you to remove the "Tableau Public" option from that menu entirely.  EDIT: Here it is - https://kb.tableau.com/articles/howto/remove-publish-to-public

                       

                      As for your larger question, well, yeah, Tableau is a tool for sharing data.  Turning off the ability to share data kind of defeats the object of the tool.  It's not quite as easy to do what you describe in your question, but sure, if someone is determined to do something malicious, there's very little you can do about that - with ANY software, not just with Tableau.  The only way to prevent someone from running off with data that's being used in Tableau is to not allow the data into Tableau in the first place.

                       

                      I know none of that answers your question, but I honestly don't know of a way to disable what is a core function of the software.

                      1 of 1 people found this helpful