Tableau User Filters and Row Level Security

When you share workbooks with others using Tableau Server, by default they can access all the data shown in the views. Alternatively, you can create filters to limit the data that any given person can see. For example, in a sales report that gets shared with regional managers, you may want to allow only the western regional manager to see the western sales, the eastern regional manager to see the eastern sales, and so on. Rather than create a separate view for each manager, you can define a user filter or row-level security that allows each manager to see only the data for a particular region.
There are two approaches to row level security with Tableau:
  • Manually: You can manually create user filters that define the specific data each user can access. This method is convenient, but not automated.
  • Automatically: You can create a calculated field that automatically defines whether a user can access the data. This second method requires that you already have row-level security information in your underlying data source.

Create user filters manually

Follow the steps below to create user filters manually in Tableau Desktop.

Notes:
  • The steps below describe an installation of Tableau Server that uses the built-in local authentication instead of Active Directory. Refer to the Authentication topic in the Server Online Help to learn how to add and manage users using Active Directory authentication.
  • To use these steps in Tableau Server 8.0 and later versions, make sure to disable web editing for users. For information on securing user filters for web editing, see Securing User Filters for Web Editing and Data Server

Step 1

Log in to Tableau Server as an administrator and create three new user accounts on Tableau Server. In this example, the following new users are added.
UsernamePasswordFull NameLicense Level
chrischrisPat SmithInteractor
erinerinErin LockhardtInteractor
williamwilliamWilliam LaneInteractor

Step 2

In Tableau Desktop, connect to your data source. This example uses the Sample - Superstore Sales data source.

Step 3

Build one or more views for which you want to use row-level security. For this example, in the Measures pane, double-click the Postal Code field.

Step 4

Select Server > Create User Filter > Region.

Step 5

In the Tableau Server Login dialog box, log in to Tableau Server.

Step 6

In the User Filter dialog box, do the following tasks:
  1. In the Name text box, type Regional Managers.
  2. In the User/Group list, click Erin Lockhardt, and then in the Members list, select the South check box.
  3. Repeat this step for Pat Smith in the East, and for William Lane in the West.

Step 7

When finished, click OK. User filters appear at the bottom of the Data window in the Sets pane.
Match the users on the left with the values on the right.

Step 8

Drag the new Regional Managers set to the Filters shelf.

Step 9

When you add the user filter to the Filters shelf, the view becomes blank. To display the view for one of the regional managers, click the list arrow in the lower right area of the workbook window.

Step 10

You can display the name of the current user and region in the title to help the viewer understand that the view has been filtered. Select Worksheet Show Title (for 6.1 and earlier, select View > Title) to display the name of the current user and region in the title to help the person accessing the view understand that the view has been filtered.

Step 11

To set up the title, double-click the Title shelf (for 6.1 and earlier, select Edit > Title).

Step 12

In the Edit Title dialog box, do the following tasks:
  1. Select and delete the default tag title.
  2. Click the Insert drop-down arrow and select Full Name.
  3. Type 's Sales:.
  4. Click the Insert drop-down arrow and select Region.

Step 13

When finished, click OK. When you publish the view to Tableau Server, each user sees only their own data. Learn more about user filtering in the Desktop Online Help.

Set up automatic user filters

Instead of manually matching each user to data values, you can use a calculated field to automatically define the filter. To create this calculated field, your underlying data source must contain the security information you want to use for filtering. For example, if you want to filter the map view above so that only managers can see it, your data source must specify each user's role.

Step 1

In Tableau Desktop, do step 1, and then connect to data and build a view as described in steps 2 and 3 in the manual procedure.

Step 2

In this example, the security information is another table in the Sample - Superstore sales data source, called Users. The table has two columns: Region and Manager. All users who are managers are listed along with their respective regions. To join the Users table to the Orders table, select the data source in the Data menu, and select Edit Tables (for 6.1 and earlier, select Data > Data Connection > Edit).

Step 3

Click the Add Table button.

Step 4

In the Add Table dialog box, under Select the table to add, select Users.

Step 5

Click the Join tab. The default join clause is correct as stated.

Step 6

On the Join tab, in the Join Type drop-down list, select Left, and then click OK.

Step 7

In the Excel Workbook Connection dialog box, click OK.

Step 8

Select Analysis > Create Calculated Field.

Step 9

In the Calculated Field dialog box, do the following tasks:
  1. In the Name text box, type User is a manager.
  2. In the Formula text box, type the formula below, and click OK.
USERNAME()= [Manager]
 
This new true/false field appears in the Dimensions pane. This formula returns TRUE if the username of the person currently logged in exists in the manager table.

Step 10

Select Server > Log On, and log on to Tableau Server using your administrator username and password. 

Step 11

At the bottom-left corner of the view, click the user drop-down arrow next to your username, and in the Filter As User list, select one of the regional managers.

Step 12

Drag the User is a manager calculation to the Filters shelf.

Step 13

In the Filter dialog box, select True, which sets the filter so that only people who are managers can see the data in the view, and then click OK.
The benefits of this method are the following:
  • You do not need to manually manage user access to the row level data. As new users are added, the filter will automatically update.
  • Using a calculated field for row level security can increase performance as the number of users grows on Tableau Server