2 Replies Latest reply on Jun 19, 2018 12:14 AM by Donna Coles

    Permission to project only if user in two AD Groups

    Eric Brennan

      Can I limit the project to users only if they are in two AD groups. Ie. Finance Group and Europe Group.  so if a person was in Finance Group and the US Group they will NOT be able to access the project.

        • 1. Re: Permission to project only if user in two AD Groups
          Ritesh Bisht

          Hi Eric,



          This should help


          Drag this to filter and select 'Yes'

          Screen Shot 2018-06-19 at 2.25.07 PM.png


          They should be in both the groups right ? , so 'AND' condition is needed.


          Replace my groups with Finance Group & Europe Group



          NOTE: Please add above filter to CONTEXT in order to have smooth functioning


          Screen Shot 2018-06-19 at 2.48.42 PM.png





          Please mark the answer as CORRECT/HELPFUL if it really helped you so that it can help others as well.

          • 2. Re: Permission to project only if user in two AD Groups
            Donna Coles

            Hi Eric


            I don't believe you can restrict access to Projects on Tableau Server in this way.   You grant access on a Group basis, so if Finance & Europe are both granted access, then a user in Finance OR a user in Europe can access the project.


            The options you have are to create another AD group that has the users who are members of both groups and then assign that group the permissions on the project.  The logic as to who ia a member of that AD group would all have to be managed outside of Tableau.


            Or you manage the access at a workbook level as well/instead, in a similar manner described above.  You'd have to apply this logic to all workbooks published in the project though, to get the behaviour you want, which could cause a bit of a management headache.  Also, the data you're accessing in the workbook would need to have a handle on the user's group membership, so you'd probably need to be adding somesort of connection to the postgres data to provide this info (by default, all the workbook has reference to would be the username of the logged in user, and not all the groups).