2 of 2 people found this helpful
We've been using Tableau Server for about two years and have recently started adding users and reports that are unrelated to the original content (e.g. now Finance and IT are now using it in addition to the Lab). All of our users are internal. Rather than use the Sites feature, which complicates admin logins and tries to leverage content administrators, we place all our users into Groups (e.g. Lab, Finance, IT), and all our reports into Projects (e.g. Operations, Projects, Finance, IT), and then assign group level permissions to the projects. We try to avoid setting user-level permissions, there are too many users to keep track of. We do this less for security/confidentiality and more to not confuse new users by exposing them to reports they won't understand. When someone in Finance searches for reports, they'll only find a few from the Finance project, so they'll know where to go. And the Lab staff won't wander into the Finance reports. We have 175 users, 10 groups, 12 projects, and 200 reports.
1 of 1 people found this helpful
Its also depends on the Authentication you are using - Is it AD or local user authentication.
Is you are Installation is Guest enabled or not?
If Guest is not enabled then create a site for External Users and restrict the access for external to the Default site.
If Guest is enabled then you need to go with Project level Rights.
Depends on the Organization hierarchy you can decide the project level permissions.
Yes. Even though we do have external clients using the reports, we probably won't be creating a separate site for those reports because internal users will also use them, and sharing reports across sites is not possible.
We also will be mostly using group level permissions, and use data filters so different client support teams will only see the data related to their specific client.
We will probably end up using different project areas to separate the reports, mostly for the benefit of the developers and admins to help them keep things organized. The user groups will only see the reports they are authorized to see, so in any case they shouldn't be overwhelmed with too many choices.
We are not using AD authentication... because we will only be handing out group type logins... and we don't want to have to coordinate the Tableau groupings with our AD groups. Although we then lose the ability to track usage by individual users.
We will not be permitting Guest login.
@ everyone - Thanks for your comments.