I am going to do my best to clarify some of the permissions that are asked about above. The View permission (illustrated below) is for restricting people from seeing the published view at all.
To prevent them from accessing the data you want to restrict the 'Edit' permissions for those individuals as well as the Web Edit permissions.
IF the user can download the workbook they will be able to 'access' the underlying data source by a few different methods.1) Downloading the data source, given it is a live connection, will allow them to 'access' the data source depending on the authentication method when the data source was published.
See this section of the Online Help on setting permissions to the data source when it is published: http://onlinehelp.tableau.com/current/pro/desktop/en-us/help.htm#publishing_sharing_authentication.html#auth-types
Finally, another option for restricting data source access is the ability to set Row level security in Tableau : Restrict Data Access with User Filters and Row Level Security
I hope this helps! Let me know if you having additional comments or questions.
1 of 1 people found this helpful
Yes, permissions can be confusing and I reference the admin guide at times about it.
First, you can set permissions for Guest:
Since you don't want the Guest users to view the data just set the permission rule for Data Sources to "None".
Just to be aware, there are some effective permissions that occur regardless of how permissions are set for some users, for example, even though I gave the Guest user Editor permissions that user account is really only allowed View and Download permissions:
Setting the View permission rule simply allows a user to see the data source on the server: Set Permissions on Individual Content Resources.
~ If you want non-Guests the ability to view the data source, download it, etc. then you set the All Users permission rule to what you want. Users who are registered in the Tableau Server and log in to the Tableau Server will fall into the All Users permission rules, they will not be considered as a Guest. However, just a note here, if you do not set up Guest a rule permission then by default Guest users will use the All Users permission rules but since they are a Guest they naturally won't assume all of the exact permissions of All Users as exampled by Fig.2. Understand this: How Permissions are Evaluated
~ If you have a group of certain users that you want to have additional permissions then create a user Group and put those people in it. Then you can set the permissions for that Group and the permission rules on it will only apply to them. If you look at the Group I have, Admins From Another Mother, you'll see they have different permissions from All Users, Guest, and me (the "Erkson, Toby (164) bit).
~ You could also use a Live Connection to the data source and do NOT embed credentials in the workbook. This forces users to supply their credentials in order to connect to the data source and thus the data will be enforced by user-level permissioning.
Does "view"ing a data source really just mean enabling the data source to populate the dashboard charts and tables, or does it mean anyone with server access can actually view my underlying data?
Well, this depends.
Are you talking about the View permission for Workbooks (1)
or for Data Sources (2)
(1) Guest can see the workbook.
(2) You know, I'm really not sure since I cannot easily test for Guest since Tableau doesn't allow Server Administrators to perform impersonation. According to Guest account characteristics, it's necessary if a "...Guest user needs to access a workbook with an extract connection". You should test.