1 of 1 people found this helpful
Hey Divya -
Looks like no one answered this. In case you haven't already figured the answer out, "Allow" explicitly grants the permission in question while "Inherit" neither grants or denies it. Why is this useful?
For a particular user, I might "Allow" a specific permission, for a different permission, I might choose "Inherit". IF the second permission is granted by the user's group membership, then he or she gets the permission - he or she "inherits" if from the groups that he/she belongs to. If none of the groups he/she belongs to grants the permission, then he/she doesn't get it.
Thanks Rusell! That helps.
However, what does it mean if a particular user-group is granted "Inherit" access?
If a user is granted inherit, it means we look to the groups that user is a member of to determine whether or not the user has the specific permission.
Inherit on a group really doesn't mean anything since we don't allow you to nest one Tableau group inside another group like you might do in Windows.
Question along this line, if the user's permission is set to inherit and he's a member of two groups with conflicting permissions for the content, so deny trump allows?
So does this mean that the specific permissions for a group marked as "inherited" are basically doing nothing? Meaning the group is effectively denied that permission?
So here is our situation. We have a project, "Sales". We have 3 groups. "Sales Viewer", "Sales Interactor", and "Sales Champion". We are granting permissions on the project "Sales" to these three groups. For each group we add it to the project and assign it a "Role". Depending on the role the different bubbles are filled out. "Allow", "Deny" or "Inherited". So it appears that the permissions are dependent on the "Role" that the group is assigned to. But if many bubbles are marked as inherited when we assign the group to this role how do we know if the group is being allowed or denied these permissions? Can we see what permissions are allowed and denied for each role? Or does this mean that the user in this group is only allowed these specific permissions if they are a member of another group that is expressly allowed this permission or they are individually allowed this permission at the user level?