7 Replies Latest reply on Feb 6, 2013 10:03 AM by Mark Jackson

    Trying to get a handle on secure extracts on Tableau Server.

    Toby Erkson

      Note: When I write "secure connection" or "secure data source" I mean that it requires credentials to access it.  So this means only people with the proper credentials can see the data or report.

       

      Okay, bear with me, I'm trying to understand secure extracts, scheduling, and workbooks on Tableau Server as the documentation has the process fragmented and not in a flowing, step-by-step description.

       

      Here's the situation

      User has a fully-functional workbook that uses an extract (of an Oracle data source) in the workbook (saved to their computer) and publishes it to the server.  The extract fails to update on the server.  My guess is due to the location of the extract as it's a path on their desktop and not the Tableau Server.

       

      I've read the documentation but I don't grasp EXACTLY how it all works and I need to know this so I can relay it to my end users.

      This is what I understand it to be:

      1.  User connects to secure data source, builds query, and publishes it to the server.

      2.  User now builds a workbook and points it to the data source just published on the server.  User then publishes their workbook to the server and sets scheduling.

       

      Questions

      A) Is the above correct?  If not, please correct.

       

      B) If the user has scheduling on a workbook they publish, is it the extract or the workbook that gets refreshed?  Or are the extracts put on a schedule when they are published (step #1 above) and the workbook is simply updated at the scheduled time with whatever state the extract may be in?

       

       

      C)  The published extracts are visible on the server but we only want authorized user access to them so how does this work?  If we have credentials embedded so the scheduled extracts work what keeps others from using the extract?

        • 1. Re: Trying to get a handle on secure extracts on Tableau Server.
          Mark Jackson

          a: The extract can either be embedded in a workbook or published to the Tableau Data Server. If it is embedded in the workbook, the user sets the refresh schedule upon workbook publish. If the extract is published to the Tableau Data Server, the schedule is set when you publish the data source.

           

          b: If scheduling set set when you publish a workbook, then you have workbook embeded extracts (i.e. not published to Tableau Data Server). What gets refreshed are the extracts. If you make changes to the workbook, you have to re-publish.

           

          c: If it is an embeded extract, no one else can connect to it. Unless they have rights to download the workbook with the extract embeded. If it is a Tableau Data Server source, you set the permissions when you publish. I suggest you create projects and set the rights on the projects using groups. Then publish the sources into the appropriate project.

          1 of 1 people found this helpful
          • 2. Re: Trying to get a handle on secure extracts on Tableau Server.
            Mark Jackson

            It is important to note that the Tableau Server account must have rights to the original source. This could be through Active Directory, or embedded credentials if using ID/password authentication. Or if the source is Excel/Access/CSV, the server account needs to be able to access the full network path (not a mapped drive).

            1 of 1 people found this helpful
            • 3. Re: Trying to get a handle on secure extracts on Tableau Server.
              Toby Erkson

              Thanks Mark, I'm slowly digesting this info, good stuff.  I like the Projects and Groups suggestion.  The company I'm working for is very, very, very security conscience so I really need to understand how credentials work with extracts, be they saved in a workbook or on the server.

               

              I wish I could sit with you and learn more but we don't have any plans to visit my wife's family any time soon (they're north of Marietta).  Anyway, I may be back with more questions so beware!

               

              I'm leaving this question open because I would like to hear input from others.

              • 4. Re: Trying to get a handle on secure extracts on Tableau Server.
                Toby Erkson

                Help me understand something about an embedded extract.

                User A creates a workbook with an extract.  When creating the extract they are asked where to save it on their hard drive so they pick a spot and save it (.tde).  Now they publish the workbook to the server. 

                 

                1)  Can user B download that workbook from the server and 'work' the report (look at the sheets, modify/add vizes, etc.), including refreshing the extract, even though they don't have the original .tde?

                2)  What if the author (user A) used their credentials to connect to the data source, will user B connect to the data source using A's credentials or their own?  Because what I need is for user B to use their own credentials, not the author's.

                • 5. Re: Trying to get a handle on secure extracts on Tableau Server.
                  Mark Jackson

                  1. When the user uploads the workbook, it gets published as a packaged workbook that includes any extracts. So anyone with edit rights on the server can download the packaged workbook that includes the extract. If user A set a refresh schedule, then the packaged workbook downloaded by user B may have a more recent extract than what exists on user A's hard drive.

                   

                  2. If user B has edit rights, they will get a copy of the extract when they download the workbook from Tableau Server. No other credentials are necessary. If they want to refresh the extract locally, they will need their own credentials with the source system. It is not any different from dumping data into a CSV or Excel file from a database. You don't need database credentials to look at the data in the CSV or Excel file. You would need database credentials if you wanted to refresh your CSV or Excel file.

                  1 of 1 people found this helpful
                  • 6. Re: Trying to get a handle on secure extracts on Tableau Server.
                    Toby Erkson

                    Mark Jackson wrote:

                     

                    ...

                    2. If user B has edit rights, they will get a copy of the extract when they download the workbook from Tableau Server. No other credentials are necessary. If they want to refresh the extract locally, they will need their own credentials with the source system. It is not any different from dumping data into a CSV or Excel file from a database. You don't need database credentials to look at the data in the CSV or Excel file. You would need database credentials if you wanted to refresh your CSV or Excel file.

                    So what I'm gathering from this is that the most recent data load is present in the workbook (either from the author publishing it or if the workbook was refreshed via scheduling) along with the necessary data connection information but excluding credentials, correct?

                    • 7. Re: Trying to get a handle on secure extracts on Tableau Server.
                      Mark Jackson

                      Correct

                      1 of 1 people found this helpful