4 Replies Latest reply on Sep 13, 2017 11:27 AM by Toby Erkson

    You must be the owner of the viz in order to test the alert.  Aw darn it!

    Toby Erkson

      I was gonna help with some trouble-shooting by using the "test_alert" option until I encountered this:

      The following errors were encountered trying to process your alert:


      General errors:

      You must be the owner of the viz in order to test the alert.

      Alert Information:

      View URL:http://FriskiesCatFood.org/views/DailyReporting/MTDSalesDashboard
      Subscriber:terkson
      View Owner:RDog
      Site Id: Default
      Project: Part Sales Reporting

       

      Is there a way a Server Admin can override this restriction?

        • 1. Re: You must be the owner of the viz in order to test the alert.  Aw darn it!
          Matt Coles

          No, but also kinda yes. That is to say, this is a feature that is by design so that random users can't go a-commentin' an' a-schedulin' on other people's alerts, and do something they shouldn't. But, I acknowledge that limitation isn't always desirable. See Allow non-owners to drive VizAlert execution · Issue #119 · tableau/VizAlerts · GitHub , that's where I'm tracking this feedback and thoughts on how to make it better.

           

          If you need a workaround in the meantime, you can do it a few different ways:

           

          1. Download the workbook and re-publish it as a new copy, with yourself as the owner. Then comment on it.

           

          2. You can fudge the owner _sysname in the VizAlertsConfig\ScheduledTriggerViews viz so that it reflects your own username for that one particular viz. This would entail renaming the existing field to "owner_sysname_raw" or something, and then creating a calc called "owner_sysname". The calc would reference "owner_sysname_raw" except when view_id = [the view id in question], then you'd return "terkson". You would then remove the "owner_sysname_raw" field from the Detail shelf, and replace it with "owner_sysname". Publish it up again and you should then be able to comment (note that while you "own" it, your coworker would not be able to trigger the alert, either via Schedule or via comment).

           

           

          3. Subscribe your co-worker who owns the workbook to the view in question on a 15-minute VizAlerts schedule. Once the alert is triggered, remove him again.

          • 2. Re: You must be the owner of the viz in order to test the alert.  Aw darn it!
            Toby Erkson

            I get the idea behind the security, it makes sense.  After reading Has anyone switched from using the Github Advanced VizAlerts to the Integrated Alert in Tableau? (well, after it turned into the second conversation) having a Project Leader, Server Admin, etc. or not being an option in the workbook sounds appealing.  I say "not" because it should ultimately be up to the workbook author/owner as I'm thinking about HR and Finance reports that contain confidential data -- if the Server Admin cannot see people's passwords and must authenticate to 'Prompt user' for data source connections then they shouldn't have access to firing off VizAlerts at their whim.

             

            So my idea is that maybe there's a field that can contain a user ID and/or Site Role and/or Group Name etc. that is used to determine who has authority to "test_alert" that given View.

             

            Matt Coles wrote:

            ...

            If you need a workaround in the meantime, you can do it a few different ways:

            ...

            3. Subscribe your co-worker who owns the workbook to the view in question on a 15-minute VizAlerts schedule. Once the alert is triggered, remove him again.

            You totally lost me on #3   It's his workbook but I'm the one who wants to subscribe myself a VizAlert to it and "test_alert" it.

            • 3. Re: You must be the owner of the viz in order to test the alert.  Aw darn it!
              Matt Coles

              3. Oh, sorry, I realize you may be talking about a Simple alert, wherein the email would always be sent to him. You could always check the output in the logs and temp folder--the HTML will be there, and the viz image, along with the CSV. Another option is to use PaperCut to "intercept" the email so you can see what he's seeing. In that case you'd just start PaperCut, and update your vizalerts.yaml file to point to localhost as the SMTP server. Then mail would be sent to it instead of the standard SMTP server. Not a good move for a production installation of VizAlerts unless you're quite sure no other important alerts will run while you've got it redirected.

               

               

              With auth, if you are being prompted to provide credentials to access a viz, it means they didn't embed credentials. Which means they can't Subscribe to it in the first place. So as an Admin, you should be able to see pretty much any viz that someone was able to create a VizAlert from. Though I guess they could use "Viewer Credentials" or impersonation. But that'd be the only case, I think.

              • 4. Re: You must be the owner of the viz in order to test the alert.  Aw darn it!
                Toby Erkson

                Matt Coles wrote:

                 

                3. Oh, sorry, I realize you may be talking about a Simple alert, wherein the email would always be sent to him. You could always check the output in the logs and temp folder--the HTML will be there, and the viz image, along with the CSV. Another option is to use PaperCut to "intercept" the email so you can see what he's seeing. In that case you'd just start PaperCut, and update your vizalerts.yaml file to point to localhost as the SMTP server. Then mail would be sent to it instead of the standard SMTP server. Not a good move for a production installation of VizAlerts unless you're quite sure no other important alerts will run while you've got it redirected.

                Okay, thanks.  Too much work but an option for those who just gotta!

                 

                Toby Erkson wrote:

                ...if the Server Admin cannot see people's passwords and must authenticate to 'Prompt user' for data source connections then they shouldn't have access to firing off VizAlerts at their whim.

                Matt Coles wrote:

                With auth, if you are being prompted to provide credentials to access a viz, it means they didn't embed credentials. Which means they can't Subscribe to it in the first place. So as an Admin, you should be able to see pretty much any viz that someone was able to create a VizAlert from. Though I guess they could use "Viewer Credentials" or impersonation. But that'd be the only case, I think.

                Correct.  I was using the whole "prompt for credentials" as an example of security as it applies to admins and thus another reason why they shouldn't have a cheat code to the VizAlerts game