1 Reply Latest reply on Dec 11, 2018 10:53 PM by Chris McClellan

    How to Implement Dashboard Extensions

    Mark Wu

      Dashboard Extensions

      The good: Dashboard extensions give you the ability to interact with data from third-party applications directly in Tableau. Capabilities like write-back to a database, custom actions, and deep integration with other apps are all at your fingertips.

      The bad: Dashboard extensions also means potential data vulnerability when third-party extension used even on Desktop or Server :

      • Extension can access workbook's summary data by default and full data with additional confirmations.
      • Extension can access the user's IP address, Tableau Desktop or browser versions, screen resolution, and device type.


      How to adopt Dashboard Extensions at large enterprise?

      1. Extension for Desktop:
        • Extension should be turned off by default on Desktop if your company controls user Desktop installation
        • Some super technical Desktop users can turn extension on by themselves. Read here for details.
      2. Extension for Server :  Tableau server should have the following policy setting or enforcement (no matter Linux or Windows):extension_setting
        • Unknown extensions can’t run on Tableau server - this is the most important setting. Similar as guest account should be turned off by default,  'enable unknown extension to run' should be off by default.
        • Unfortunately you will have to do this for every site. Please vote IDEA
        • Every extension has to be added to the safe list by server admins
        • Hopefully server admins have policy to add only https://*.company.com/xxx URL in safe list. It means that third-party extension has to be hosted on-premise before it can be used.
      3. Extension Gallery :
        • Some people may not agree with me here. For me, any third-party extensions is unsafe since they can change extension definition without your knowledge or agreement, includes those from Extension Gallery from official Tableau website
        • The secure approach requires all extensions hosted in your company's web server.
        • From high level, extension is not safe if it is hosted outside your company. Extension is considered 'safe enough' if it is hosted within your company's firewall.
        • Large enterprise should consider to create your own extension gallery for your publishers to share their extensions within your firewall.