What is the best strategy for row-level security?

tableaucommunity@tableau.com — Tue, 15 Mar 2011 20:23:52 GMT

Hi,

I'm new to Tableau having only discovered it in the past couple of weeks, but already looking to use it as part of multi-tenant product that we run.

We'll be using Tableau Server with embedded views and trusted authentication, which I've successfully prototyped. We'll also be looking at providing some of our clients' power users with the Desktop product so they can create and publish their own views.

As it's a multi-tenant system the delineation between each client's data has to be be really robust, so I'm thinking that row-level security at the DB is probably the only prudent way forward.

We don't use AD so the Server is running with Local Authentication. We will typically offer each of our clients (let's say we have 20 for now) a 'starter pack' of two or three standard workbooks.

In an ideal work we would just create the workbooks once, and then let Tableau Server work out which user is logged in, look up the correct db credentials in some kind of secure credential store, connect to the db and serve up the row-level secured view accordingly.

Now, I'm pretty sure that that's not possible yet. So, the other end of the spectrum is that I publish 20 data sources with appropriate credentials, 20 copy/pasted workbooks, 20 client-specific projects, and tie-down all the permissions so that each client can only see what they are allowed to see. All possible, but quite a bit of an administrative headache.

I'm hoping that someone will be able to tell me that a middle way exists!

By the way, I did briefly think that User Filters might be an alternative to Row-Level security, but then realised that they can just be turned off by a power-user. So that's not an option.

Can anyone offer some sage words of experience on this topic? Would be much obliged.

Cheers

Ian

Content in Tableau Community Forums

What is the best strategy for row-level security?