I have a question about how Tableau server passes data access to the published views. I have a view that was published with prompt for password authentication. I have received several emails that users that have access to the project folder can access the view and see data without being prompted for a password. These users should be prompted for a username and password because they do not have access to the data source. Could the published extract be caching the original publishers credentials?
I have turned off guest access. We have SAML authentication setup. All of the users that are not publishers are set to viewer roles. This is a big issue because we are about to role this out enterprise wide.