Hi Dan -
Online lets you to secure workbooks to allow or dis-allow downloading - it's up to you. When downloading a workbook you get ALL of the data if extracts are used. If live connections are used, there is no data to return to the user in the first place - it's all sitting in a database somewhere and Online simply queries it in real time.
Row level security is enabled at the Server level (via Tableau Online). Thus, if a user has a copy of the workbook and points it directly at a database (WITHOUT using a secured data server data source or embedded data source), your security goes out the window. If your workbook INCLUDES data in the form of an extract, do not allow it to be downloaded. A savvy user will likely be able to bypass row level security once they have access to the raw file by treating it as a zip file and simply pulling the TDE out.
Thanks for the response, Chris. Just to make sure I understand this - if row level security is enabled in a Tableau Online workbook that filters data from all of the U.S. to a specific state for a user and that user downloads the workbook, ALL of the data (all states) comes with it AND the row level security would break because it is enabled on the server (which requires credentials). It would not be possible to enable a user to download and consume a workbook in Reader from an Online workbook that had row level security enabled. Is that a true statement?
Hey Dan -
You'll get a different behavior based on how you're handling your data sources. Do you know which "path" you're taking?:
- Each data source is "embedded" directly in the workbook. This data source leverages an extract
- Each data source is "embedded" directly in the workbook. You use a "live" data source
- You created and pre-published a "Data Server" data source, then used the published data source to create your vizzes (the data source is live)
- You created and pre-published a "Data Server" data source, then used the published data source to create your vizzes (the data source is uses an extract)