Tableau server permissions part 2 – Overlapping and Default permissions

by Robert Headington

In part one, we looked at how you can assign permissions to groups and users. Here we look at what happens when users are part of groups with overlapping permissions and how default permissions work.

Overlapping permissions

Normally a user in groups with different permissions is given the highest level of permission available to them. However, there is one big exception: when the user or one of their groups has been denied permission.

When this happens, the permission set for them depends on the above flow. If that user has been specifically denied a permission then they won’t have that permission – no matter how many groups they are part of that have that permission. Similarly, if a user has been allowed a permission, they will have that permission even if every other group they are part of has been denied that permission.

If the user has been neither denied nor allowed that permission (i.e. it’s set to None for that user or no user-specific permissions have been set for them), then the user will be denied if any group that the user is part of has been denied the permission.

If this is not the case and the user has been given the permission as part of one or more groups, then the user will have the permission. If the user has not been given the permission as part of any of their groups, they will not gain that permission.

Knowing this logic helps you assign the right users to the right content. The main things to take away are that

  • If a user is given too many or not enough permissions, you can always manually set that person’s permissions and that will override any group permissions.
  • The server will always look to deny people before it looks at whether the permission is allowed.
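The evaluation order described above can be written as a small function. This is an added example, not Tableau's own code or API: the `Rule` enum, the function names, and the users, groups and capabilities in `SAMPLE` are constructed for illustration.

```python
from enum import Enum

class Rule(Enum):
    ALLOW = "allow"
    DENY = "deny"
    NONE = "none"  # nothing set at this level

def effective_permission(user_rule, group_rules):
    """Return (granted, reason) for one capability on one content item.

    user_rule   -- Rule set directly on the user (Rule.NONE if unset)
    group_rules -- dict of group name -> Rule for the groups the user is in
    """
    # 1. A rule set on the user overrides every group rule.
    if user_rule is Rule.DENY:
        return False, "denied on the user"
    if user_rule is Rule.ALLOW:
        return True, "allowed on the user"
    # 2. With no user rule, a deny on any group beats allows on other groups.
    denying = sorted(g for g, r in group_rules.items() if r is Rule.DENY)
    if denying:
        return False, "denied via group " + ", ".join(denying)
    # 3. Otherwise a single group allow is enough.
    allowing = sorted(g for g, r in group_rules.items() if r is Rule.ALLOW)
    if allowing:
        return True, "allowed via group " + ", ".join(allowing)
    # 4. Nothing set anywhere: the permission is not gained.
    return False, "not set for the user or any group"

def audit(assignments):
    """Evaluate every (user, capability) entry of a rule set."""
    return {key: effective_permission(entry["user"], entry["groups"])
            for key, entry in assignments.items()}

# Constructed sample rule set (hypothetical users, groups and capabilities).
SAMPLE = {
    ("alice", "View"): {"user": Rule.NONE,
                        "groups": {"Finance": Rule.ALLOW, "Contractors": Rule.DENY}},
    ("bob", "View"): {"user": Rule.ALLOW,
                      "groups": {"Contractors": Rule.DENY}},
    ("carol", "Download"): {"user": Rule.NONE,
                            "groups": {"Finance": Rule.ALLOW, "Sales": Rule.NONE}},
    ("dave", "Download"): {"user": Rule.NONE, "groups": {"Sales": Rule.NONE}},
}

if __name__ == "__main__":
    for (user, capability), (granted, reason) in audit(SAMPLE).items():
        print(f"{user:6} {capability:9} {'YES' if granted else 'NO':3} {reason}")
```

The returned reason shows which level decided the outcome, which helps when tracing why a user unexpectedly has or lacks access.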

Default permissions

By default, a project that sits directly in the ‘Site’ (a top-level project) takes the permissions set in Tableau’s automatically generated project called ‘Default’. So, if you want all new top-level projects to automatically have a certain set of permissions, you can change the permissions in the ‘Default’ project and this will apply to all new projects.

All other projects (i.e. projects within a project), workbooks, data sources and Prep flows will automatically be set to have the permissions of the project they are contained within unless you specify otherwise (for example, when you publish a workbook into Tableau server, you can set the permissions for that workbook if you have been given the power to set permissions for the project it is going into).