I have some good news, and some bad news. The good news -- you've done nothing wrong, and you're not "missing" anything.
The bad news - impersonation only is available when the data source is SQL Server. See page 275 of the Tableau Server admin guide for more information.
Hello Christopher, Thanks a lot for the info !! One quick question - Is there anyway we can implement dynamic access using Tableau's security model, i.e. Tableau getting RBAC information from Teradata? Thank you !!
In order to view the workbook on Tableau Server, each user must be authenticated. At that point, a Tableau or Active Directory username is associated with that user, for example: windowsdomain\russell
If you have some sort of a "row-level security junction table" in Teradata that drives which rows particular users can view, you could make this work. You'd simply compare who the user who just logged into Tableau is (windowsdomain\russell) with the rows of data you have told Teradata windowsdomain\russell can see).
More details here in the bottom section named Setting Up Automatic User Filters:
You may wish to look into using the Query Banding feature to enforce user security in Teradata based on information about the current Tableau Server user viewing a visualization. You can read the Tableau documentation on how to edit your connection (the "Advanced..." settings) to have Tableau issue query band statements to Teradata at the start of a connection.
Teradata doesn't have a great deal of documentation on how to use Query Banding for security, since the feature is actually quite general and powerful. However you may find this documentation useful: http://developer.teradata.com/database/articles/security-administration-accessing-the-teradata-database-through-a-middle-tier
I hope this helps,