The Blog

Row vs Column level security

Column and row level security are types of security which can be applied to your views. The difference between them is significant. As it ends up changing how data is aggregated/shown. For example (ex 1) if we have three different blue fields: Region, Category, Sub-Category.

Ex 1

Row Level Security would work at individual breakdowns of each field. For example, CATEGORY has 3 rows: Furniture, Office Supplies, Technology. Therefore with row level security we make the user only see one or couple categories.
While Column row security works on the fields themselves, hiding all information in them. What does this mean?

ROW LEVEL SECURITY

Create a new field for sub-category

IF ISMEMBEROF('something')
THEN [x]
ELSE 'Redacted'
END

Where "ISMEMBEROF"

At the moment it's not a column level security but

When DS31 checks they do not see regions but can see the sub-categories

Another thing to note is that the numbers between the two people would be different as one of them would see the sales broken up by region, while the other group of people would see them broken up by region and not sub-category. Which, as mentioned before changes how the data was aggregated.

In order to make sure that the country and region could not be brought back into the view, we need to hide the fields from the data. Best way to do this would to go into data source and add it as a filter there as a data source filter, these take precedence before any other filters. If it is done as in the example, one could still unhide the data and see it as non redacted

Row Level security on the other hand gets rid of individual rows, this is useful if one has regional managers in their stores and the company does not want them to know what kind of sales are being made in different regions.

To create one just go to server -> create user filter and choose your preferred filter.

In the end the view would look like this, where the filter was added to context and for example, I would only see the central region as a central region manager, and the sales for those.

This can also be done on the data source level to make sure no one could remove the filters.

In the end it should be mentioned that if people are "admins" on your tableau server, they bypass this rule and could still adjust the data source filters and other filters in general, therefore it would not work on them.

Thank you for reading :)

Author:
Algirdas Grajauskas
View Profile
Powered by The Information Lab
1st Floor, 25 Watling Street, London, EC4M 9BR
+44 (0) 8453 888 289
INFO@THEINFORMATIONLAB.CO.UK
About
Apply
Locations
The Team
Coaches
Blog
Events
Privacy Policy
Terms of Use
Cookie Policy
Subscribe
to our Newsletter
Get the lastest news about The Data School and application tips
Subscribe now
© 2025 The Information Lab