Thanks for the information. It is very helpful as I look to reconfigure our TS for use with 10.5.1.
Do you know if the developers are looking at other permissionings within the folder structure beyond 10.5.1? I'm specifically looking for them to add the following abilities:
- Locked sub-folders
- Publishing rights only within sub-folders, not the parent folder as well
In case Tableau developers are looking at this, here's why:
- Our Marketing umbrella has about 12 different groups, each with their own folder currently
- Each folder uses AD-groups for permissions such that only members of that specific marketing group can access their group-specific workbooks
- Each folder has one or more publishers just for that Marketing group
- We also have folders in which all of Marketing can access
It would be nice to have:
- One Marketing folder (primary)
- Workbooks available to all of marketing are then stored here
- Sub-folders within the primary would then allow each marketing department their own space for their own workbooks
- Publishers for each space would only be able to publish to their specific spaces, not the area where all of Marketing can get to -- that should be the role of the primary project owner/publisher, not a sub-folder owner/publisher
- Locked sub-folders would allow the sub-folder owners to dictate which AD-groups have permissions and allow workbooks published to the sub-folders take on the permissions of the sub-folder, not the primary (since not everyone with access to the primary should be able to view a workbook in a sub-folder).
1 of 1 people found this helpful
Pls vote the following IDEAS:
Thanks, Mark. I've voted up for these ideas. We will likely forego using nested folders in many cases until permission options available are more in line with our business.
Thanks Mark for sharing the details.
My question is for upstream inheritance for UNLOCKED child projects to the parent project which does not seem to work today. Unlocking leads to disconnected parent and child project level permissions.When you permission a new group on a child project, the same does not get updated on the parent project. You have to also add the group on the parent same as done on child. Ideally, for permissions, the parent should be the master level permission whereas the child project can have one or more of the groups that are permissioned to the parent.
I do vote for locking child projects which will help to restrict and inherit permissions on workbooks and data sources. But additionally, would want to atleast be able to easily manage and have visibility of the full permission coverage on the parent level based on all the groups the child projects are permissioned to.
Do you have any suggestions and is there a way today which I am not aware of?
Forum, There are two types of permission at project level. One is who can publish to this project, two is who can access the content of the project. I will talk about both here:
- Who can publish to this project? Tableau does make us to duplicate the publisher permission efforts at child project level and parent level. Given this is the way how it works, how to do the setup? Pls see example @ Publisher permissions on Nested projects
- Who can access the content of the project? Actually this type of permission is purely controlled at workbook or data source level. The permissions at project level are only as default during the publishing process. However publishers (owners) can deviate to whatever permissions during or post publishing, which is why Tableau calls permission managed by owner (unlocked). For example, even group ABC has no access permission at parent or child level, when I publish a workbook, I can give group ABC access to my workbook - there is absolate nothing a project level at parent or child level can do about.
Seems to me that you want parent level to automatically have full access permissions that each child level has. Today Tableau parent project level and child project level permissions are completely separated and independent, which gives us flexibility to meet different use case (for example, there is other use case where small group of ww users to access parent level only). Let's say that Tableau has the feature you asked in the future, it still does not matter due to the fact that access permission is actually controlled at workbook or data source level, unless Tableau allows us to lock permission at child project level.
How to achieve what you are asking today? It can be done if you sync Directory groups with Tableau server groups: Let's say that the WW SALES project has AMR, EMEA and APAC sub-projects. I will have 4 Directory groups syncing to Tableau server: AMR-Interactors, EMEA-Interactors, APAC-Interactors, and WW-Interactors. The WW-Interactors Directory groups has all other 3 groups as sub-groups. After all those 4 group syncing to Tableau server, and you give WW-Interactors interactor permission to WW SALES project, AMR-interactors to AMR, etc. When you permission a new AMR-West group, you can add it to AMR-Interactors in your Directory, that is all.
Hope this help.