2 Replies Latest reply on Apr 19, 2017 6:33 AM by Jeff Strauss

    Row level security - with datasource filter - missing server thumbnail image

    Jeff Strauss

      Mark Wu Mr. Row level security, have you run into this issue and if so how did you get around it?  Attached is a simplified example.

       

       


      When embedding username() inside of a published datasource filter, and then attaching a workbook to via (Tableau Server), the server thumbnail for the workbook is a generic thumbnail instead of a snapshot of the first page.  When publishing the workbook it doesn't give us an option of choosing a "thumbnail user".

       

       

       

      Attached example (using sample superstore).  We're on release 10.1.3

        • 1. Re: Row level security - with datasource filter - missing server thumbnail image
          Mark Wu

          Jeff, I saw the same behavior on 10.2. When you publish a workbook using a published data source which has a data source filter (like USERNAME() or ISMEMBEROF), you do not have an option of "Generate Thumbnails as User" drop-down list anymore. There is similar discussion @ Tableau Server: How to Change Thumbnail "User Specific View" and there is IDEA https://community.tableau.com/ideas/5957 

           

          If Tableau intentionally designed such feature to prevent users from potentially disclosing sensitive data from thumbnail, it actually makes sense for me from data security respective although I do not like the generic view icon either. Why makes sense? Here is my thought process:

           

          • When you use the published data source that has data source filters, it means that you may not own the data source, you can see the data which you are allowed to see (based on the filter rules). If you have choice to generate thumbnail of other user's data, you will potentially  get some insights about other users' data which is against row level security design, which is not right.
          • It makes sense to allow you to generate thumbnail of your own data only. One may argue even you are able to generate thumbnail of your own data, you potentially leak your own data to others, which can be against row level security initial design. That has some good points too. Maybe that is why Tableau just decides not giving any options for you to generate thumbnails as user when you use published data source that has data source filter.
          1 of 1 people found this helpful
          • 2. Re: Row level security - with datasource filter - missing server thumbnail image
            Jeff Strauss

            Thx!  I totally see your well thought out point and see Tableau's thinking about not wanting to show a dashboard snapshot within a thumbnail that consumers should not be able to see.  Though, there should definitely be a better way!!!!!  I voted up the idea and if I could vote multiple times I would.  Chicago's motto: "Vote early, vote often"

             

            For now, we have removed the published datasource filter and impose upon the BI analysts publishing the workbook to apply the filter within the workbook itself.  This admittedly has it's own flaws, but thumbnails are an important identifier and this is the only identified way so far:

            FLAWS:

            1. Web editing, consumers can remove the datasource filter.  This flaw is minor for us as most of our consumers don't do web edit anyways

            2. BI analysts, they need to remember to apply the filter if they want their workbook to respect row level security.  In other words we are converting 65+ workbooks that all reference this published datasource for row level entitlements.  It would have been really nice to apply the filter ONCE, and that way if it needs to change, it can change ONCE.