Ah good ole security. Everyone's favorite thing! While we don't use IC as our SIS I still think concepts in security are similar even though each situation is different. I think the security architecture is probably different for everyone. I'm sure you've probably read the documentation but I would point you to these articles below. I know when I was setting up ours I read all of this info several times. We ended up using a combination of most the outlined possibilities which is probably not a good idea..ha.
We use AD and I do have the principals/ap's groups in Tableau as well as other dashboard specific groups. For us we try to use SQL Impersonation whenever possible which uses row level in the database (user to school site views) and AD groups for security to the dashboard in Tableau.
Without seeing your setup, it sounds like based on your groups in IC ("Tableau group in IC") you might be able to use dynamic User Filter as outlined in the last link I provided. As long as you have a user (principal) to campus/location/school site defined you could filter data to just their site.
I hope this helps some as security can be confusing.
The easiest way to do this is if you are using datalinks in Infinite Campus to access your Tableau reports.
1. Make sure you use the security T/F option that CIC referenced in the Viz and set it to True.
2. Create a datalink for the report in IC and grant a tool right access for that link to the User or User Group (depending on how you do it at your district. I would suggest the group).
By limiting it to tool right access, you ensure that only people who need the report have access to it. At the point when they actually click the data link, the Tableau Viz security that you set up will kick in and the Principals will only view the calendars for which they have access..
If it is an assessment however, most assessments in Infinite Campus are not tied to a calendarID but simply tied to a student. If you look at the TestScore table, calendarID is not an option. If you want security for assessments, you can write specific sql to do the appropriate linking between test date, schoolID and end year to match to a calendarID.
Most of the tables we use to run Tableau have been created in our data warehouse so that we have consistency in data. It allows us to also have field-level security since any field that is potentially problematic (such as free/reduced lunch status) is never written into the table and we therefore do not have to worry about who can view it from the visualization when they look at the data behind it.