1 of 1 people found this helpful
Hey Nick -
Since Tableau Server does not support credential delegation against SSAS (example:
- I login to my machine as as domain\russell,
- Tableau Server picks up the fact I'm domain\russell and passes this info along to SSAS,
- SSAS authenticates me as domain\russell)
...you pretty much have three choices:
- Embed a specific set of windows credentials into your report - it will hit SSAS with that login regardless of how the user logs in (Trusted Tickets, Standard Security, AD, whatever)
- Tell the report to use NT Auth AND run the Tableau Server's "Run As" account with a user that has permissions on SSAS. Each report run in this manner will connect to SSAS as the "Run As" user that Tableau Server is running under...
- Allow the report to prompt the user for a set of Windows Credentials necessary to access SSAS. << SAFEST, but least user-friendly.
The fact that you have people hitting the reports from both inside and outside your org doesn't really impact the crux of your problem (no impersonation against SSAS), but it does make life more interesting from an "authentication against Tableau Server" perspective.
Thank you Russell, I will be looking into the Run As account. We are working with our internal security team to see if we can have this setup.