Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Tableau Server and Database Logins

advertisement 
Tableau Server and Database Logins
Views published to the Tableau Server are dynamic in accessing the database to retrieve current data.
Whenever a view is opened, if the data source for it is a database that requires a login (as opposed to
something like an Excel or text file) the Tableau Server needs to know what database username and
password to connect as to retrieve the data. Tableau Server has several options and settings that work
together to specify what database username and password will be used for accessing the data. The
table below summarizes the alternatives. The column headings refer to the technique used when
creating and publishing the view from Tableau Professional. It is important to keep the distinction clear
between the Tableau Server login technique which is used to gain access to the Tableau Server itself,
and the database login that may be required for each view that is published to your Tableau Server.
As noted in the table below, all user based filters defined in Tableau are independent of the database
authentication type. User Filters are a Tableau Server feature that enable dynamic data filtering (cell
level) based on the username or group of the current user. More details on User Filters can be found in
the online help1.
Summary of Authentication Options
Tableau Server logs into
the database as:
Tableau Server provides
per user data security
via User Filters:
Tableau Server
leverages the existing
user based data
security built into my
database:
Tableau Users can share
caches:
1
2
Windows Integrated
Security (NT
Authentication)
“Run as” user of
Tableau Server2
Username & Password
Prompt
Embedded Username &
Password at Publish
Each user is prompted
for their database
credentials, which they
can choose to have
saved.
Yes
Yes
The database
credentials specified by
the author when the
view was originally
published. The Tableau
Server user is not
prompted for any
credentials.
Yes
No. All users share the
same database login.
Yes, the individual user
identity is known to the
database.
No. All users share the
same database login.
Yes
A cache is created for
each user/password
combination
Yes
Online Help
This is the ‘Server Account’ as defined in the Server Administrator Guide
Details on Authentication Options
All discussions below are with respect to the database security itself and do not impact the ability to use
‘User Filters’ in Tableau Server. The options can be set per datasource – each view in Tableau can only
have one datasource, but different views on a dashboard can come from different datasources.
WINDOWS AUTHENTICATION
The Tableau Server uses the ‘Run As User’ credentials to connect to the database. All users of the
Tableau server will share this same connection information for the database. This does not use the
credentials of the publisher or the credentials of the user logged in to Tableau Server. Using this option
is only relevant when the database being used also supports Windows Integrated Security. The most
common example is SQL Server or SQL Server Analysis Services. When the Tableau Server is configured
to use the Network Authority user as the ‘run as user’, all requests to the database will result in a
prompt to the end user, as by definition, this Network Authority account does not have rights to connect
to a database.
USER NAME AND PASSWORD (not embedded)
Each user of the Tableau Server will be prompted to log in to the database with their database specific
user name and password. If you already have database security set up, this is a good option to make
sure that security is honored by the Tableau Server. There is an optional setting to allow Tableau Server
to remember this password so users only have to enter it once.
EMBEDDED CREDENTIALS (not for use with Windows Authentication)
The Tableau Server uses the published credentials to connect to the database. All users of the Tableau
server will share this same connection information for the database. The publisher embeds a set of
credentials – username and password.
Common Questions
Q: Can I automatically pass the credentials of a Tableau Server user to the database?
A: No – with one exception. If the ‘Saved Passwords’ option is turned on in the Tableau Server
Administration panel, then a user only needs to enter their credentials one time per datasource. These
datasource credentials are then stored in the Tableau Server and re-used for that users next connection
to the same datasource. Note that these credentials are separate from those used to log in to the
Tableau Server.
Q: I’m using active directory for my Tableau Server authentication and my database authentication.
Will the user’s credentials automatically be passed to the database?
A: No. Regardless of the Tableau Server authentication method, any datasource using NT
authentication (Active Directory) will use the Tableau Server ‘Run As’ user to connect to the database.
The exception is if the Tableau Server ‘Run As’ user does not have authority to connect to the database
(as in the Network Authority account), in this case the end user is prompted to provide their own
database credentials.
Q: You mention using the ’User Filters’ as a way to implement database security. What is meant by
this?
A: One technique to implement data level security is to define rules in the database itself that enforce
data value restrictions based on the identity of the user making the request. Generally this is
implemented by creating database views which include a where clause element to set a restriction on
values based on the username of the active database user. With Tableau Server using the Integrated
Windows Security option or with views where the publisher specified a database username/password to
use, the database will have the active user as one of these username, rather than the individual end-user
identity. Tableau views can be constructed to include a special calculated column using a variety of
variables based on the user name or group membership of the user that is logged in to the Tableau
Server. Adding this column to the filter shelf in Tableau Professional ensures that the user only sees data
that matches the condition of the filter.
Related documents
Junior Business Intelligence Analyst
Junior Business Intelligence Analyst
Literacy through Common Core State Standards and the Arts
Literacy through Common Core State Standards and the Arts
Instructor: Assoc
Instructor: Assoc
Data Storytelling With Tableau
Data Storytelling With Tableau
Agenda
Agenda
Simplex Tableau
Simplex Tableau
Download
advertisement