1 Reply Latest reply on May 10, 2017 1:48 PM by diego.medrano Branched from an earlier discussion.

    Can we view indirect & effective permissions for unlocked projects?

    jennifer.bielak.0

      Hi all, I am another accidental Server Admin (actually a Site Admin).

      My main issue is managing/auditing permissions on views/workbooks when things are not locked to the project. Right now we have 7 departments using Tableau Server, which means we have 14 projects because every department needs a QA/Sandbox project. Data sources are published directly in projects but as we scale up we are going to run into data sources that multiple departments need to use. The way things are currently set up would mean that we publish the data source multiple times (in each project that applies). I don't see that as a long term solution since data sources need to be maintained. If there was an option to publish a data source to multiple projects, this would be easier (i.e a check box for every project you want to publish to). The other option is to publish the data source in a community project and then add permissions to an individual data source.

       

      The issue is: There is Data Source A in the community data source projects. Chris has been given access to Data Source A, Jennifer has not (she is left unspecified). Both Chris and Jennifer are in Finance. Chris builds a workbook off Data Source A and publishes it in the Finance Project. When Jennifer opens the workbook, she can see the views and interact with the data even though she has not been given access to the data source. There is no way to specify the "All Users" group as 'denied' on the data source and have another group hold users that are allowed access. You have to explicitly deny users access otherwise it will default to 'Unspecified.' Simply creating a group of people who have access to the data source therefore does not work. It would almost be more effective to create a group that contains users who are specifically denied access.

       

      All of the above would be much more manageable if I could harness Tableau Server repository to show me who had indirect/effective permissions to workbooks, views, and data sources.

       

      Not sure if anyone has this issue.