1 of 1 people found this helpful
License levels do not mean that a user will have that level of permissions across all projects, workbooks, views or data sources. The license level means that these are the maximum possible capabilities the user can have.
When a workbook or project is published, unless the default All Users is specified to have permissions, then each user will have to have the permissions specified if they are to have access. Otherwise, Tableau assumes their access is denied.
As a rule: Deny trumps Allow.
The inheritance goes from a group to a user (assuming that the user has neither been denied or allowed access when the rest of the group has not). Another rule of thumb: User permissions trumps Group permissions.
I hope this helps!
Thank you, Tracy.
The reason I posted this was a strange issue when I tired using the new Data Server. I published data extract to our Server and granted one user permission to connect to it. I then published a workbook that used this extract, and published it to a project to which user had interactor access. I used pre-defined Interactor sets for project, so it had a few 'inherit' permissions. The user could not see the published workbook and got the message that they are not allowed to connect to the data source, when I explicitly set permissions to 'Allow' on data source. To fix this, I had to change 'Inherit' to 'Allow' for 'Data connect' on workbook.
This confused me a lot, as I still don't know how the permission inheritance works between data sources and workbooks.
Sorry, I'm just getting back to this one. Think of it as almost a hierarchy. Project-->Workbook-->View. Even if the user is given rights to the datasoource, if the user is Denied anywhere along the chain above, then that overrides him having rights to the datasource. Therefore, as noted, you'll have to give specific permissions within the desired workbook.
Hope this helps further explain it!
Sorry to jump on the back of this question, but I have a related issue.
Can any one please define what a Data Source Connector is and when I have to set it to allow?
I have a series of workbooks in a project that use a Tableau Server data source.
I have a group of users who are set as Interactors. Do I also have to set them to "allow" on the Data Source Connector? When it is set to "inherited" it says they are denied access to the data source connection. Will this mean they cannot connect to the workbooks?
The Data Source Connector is a Role--a pre-defined set of common capabilities made by Tableau to make it easier for defining what a user/group's permissions should be. The data source connector in particular, allows the user/group to connect to the data source on the server.
If your group of Interactors are denied access to the data source connection within either the group or project permissions, then they will also be denied here.
Thanks for the reply.
Could you let me know that if the users are denied access to the data source connection will they be able to see the views in the workbook? Or by not being able to connect to the data source does this restrict them from seeing views created by that data source?
In Tableau 8.0.4:
What might be happening when a Data Source is published in:
Scenario A: Denied for Viewing and rest of the permissions other than Allowing to Connect?
Scenario B: When the permissions are Allowed for Viewing and Connecting and rest of the permissions are denied?
Thanks and regards,
I don't think so it will effect the viewing capabilities of the user when they are permitted to view the workbook but not the data source. The data sources connection would be useful for those who wanted has some vested interest atleast in seeing the data connections - like types, joins, tables, etc..(I am not talking about manipulations/ editing here).
I am sure you might have experienced this by now.