3 Replies Latest reply on Oct 31, 2018 9:23 AM by Carisa Chang

    Tableau Server Double Hop issue to Sql Server

    Abby Palcer

      I am very new to the Tableau Server. As I was setting up the server to access my SQL Server, I noticed I was losing my network credential. I am an admin on the Tableau Server and I am an admin on the SQL Server. Because of the way my company is building reports, I need the network credential passed through to the database. I don’t want to use a service account between the server and SQL.

      The double hop is preventing me from doing that.

       

      Any thoughts?

       

      Tableau Server and SQL databases are on separate servers. If I move them to the same server, will that prevent this issue? Or is that not a good idea?

        • 1. Re: Tableau Server Double Hop issue to Sql Server
          Carisa Chang

          Hi Abby,

           

          Could you elaborate on what you mean by 'double hop'? Tableau Server should be able to pass your credentials to SQL Server; the exact method would depend on the authentication method you choose.

          • 2. Re: Tableau Server Double Hop issue to Sql Server
            Abby Palcer

            What is the issue?

            I have a Tableau Report set up to run against a SQL Server. When I run it locally on my Tableau Desktop, I have no issue accessing the database. However, when I deployed the report to the server and tried to run the report from the server, I get Login Failed for the Server. (Login failed for user 'Network\ServerName$').

             

            Once we saw that error, we added a Service account  to the Tableau Server.

             

               On the Tableau Admin site  -> under the Security Tab -> On the Run as Service Account tab:

                       The Run as Service Account is set to User Account. The account I am using is a service account.

             

            I tried to run the report again from the server.  Now I get the same error as above. However, instead of telling me login failed for the Server, it is telling me login failed for the service account.

             

            So I granted the service account read only access to the database.

             

            I ran the report again and this time it worked.

             

            Additional Piece of Info:

            The Tableau Server is running on a Windows Box. We do use Active Directory for security at a network level. I am planning on using AD as security at the database level.

            The Tableau Server is not on the same server as the SQL database.

             

             

            My Problem/Question:

            1) We are planning on doing row level security in the database. If the Tableau Server is passing in the Service Account from Tableau, how am I supposed to know who is running the report at the database level?

            2) To pass the network login account,  should I move the Tableau Server to the same Server as SQL?

             

            I tried:

            1) To change the Authentication Mode from user and Password to Kerberos. But I am getting confused with the KeyTab file. I read somewhere that since I am on a Windows machine with AD, then I shouldn't need a keytab file since AD should handle that. But Tableau Server is looking for one. So what keyTab file should be uploaded? I am a developer and not a system admin. Where do I get the keyTab file from AD?

            2) I also was reading on SQL Impersonation. I don't think I want to go down this path either since all of this is set up on the report level. I want to control the access between the Tableau Server and SQL Database. The person writing a report should not care about security.

             

            Hope this clears things up? It could make it worse!!   Any help would be greatly appreciated.

            • 3. Re: Tableau Server Double Hop issue to Sql Server
              Carisa Chang

              Hi Abby,

               

              That helps immensely! I would start by reading this page, if you haven't already, which covers the different types of authentication available for data connections on Tableau Server:

              Determine how others access your published data - Tableau

               

              Once you've identified the method that you would like to use, if you have issues setting it up, Tableau Technical Support can assist you with getting it up and running. You can open a case via the Customer Portal or tableau.com/support/requests

               

              Hope that helps!
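
A diagnostic query for the situation in this thread, as an added example that is not part of the original posts or of Tableau's documentation: run on the SQL Server while the published report is open, it shows which identity each connection from the Tableau Server actually arrived as and whether that hop used Kerberos or NTLM. The host name `TABLEAU01` and the account `CONTOSO\svc_tableau` are placeholders for the Tableau Server machine and its Run As service account; the DMVs require VIEW SERVER STATE permission.

```sql
-- Added example (not from the thread). Both values below are placeholders.
DECLARE @tableau_host sysname = N'TABLEAU01';            -- Tableau Server machine name
DECLARE @run_as       sysname = N'CONTOSO\svc_tableau';  -- Run As service account

SELECT
    s.session_id,
    s.host_name,             -- client-reported machine name
    s.program_name,
    s.original_login_name,   -- login that opened the connection
    s.login_name,            -- login the session executes as now
                             -- (differs after EXECUTE AS impersonation)
    c.auth_scheme,           -- KERBEROS, NTLM or SQL
    c.net_transport,
    CASE
        -- A trailing $ is a computer account: the Tableau service is running
        -- as a local system identity and SQL Server sees the machine.
        WHEN s.original_login_name LIKE N'%$'
            THEN 'machine account of the connecting server'
        -- Every viewer shares this login, so the database cannot tell them
        -- apart and row level security keyed on the login sees one user.
        WHEN s.original_login_name = @run_as
            THEN 'Tableau Run As service account'
        ELSE 'other login (the viewer, if credentials are being passed through)'
    END AS identity_seen_by_sql,
    CASE
        -- Forwarding a viewer's Windows identity across the second hop is
        -- Kerberos delegation; an NTLM or SQL connection cannot carry it.
        WHEN c.auth_scheme = 'KERBEROS'
            THEN 'Kerberos on this hop'
        ELSE 'not Kerberos: viewer credentials were not delegated'
    END AS second_hop_auth
FROM sys.dm_exec_sessions    AS s
JOIN sys.dm_exec_connections AS c
    ON c.session_id = s.session_id
WHERE s.is_user_process = 1
  AND s.host_name = @tableau_host
ORDER BY s.session_id;
```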