Do I Need Row-Level Security (RLS) in Tableau?

Data

Do I Need Row-Level Security (RLS) in Tableau?

“Do I need row-level security (RLS) in Tableau?” This question, or a version of it, is brought to us often. RLS can seem abstruse if you have not touched it before. In this blog series, we will approach the question above, as well as introduce basic concepts around RLS and a couple of implementation options with examples, all in a way that is hopefully approachable for everyone!

The main issue that drives the need for RLS is trying to customize data based upon a user or a group of users. This is a familiar need of our clients, but if they are not fully aware of RLS options, they can find other creative solutions that might scale poorly or cause headaches in the long run. An example of an alternative solution that signals a need for RLS is users trying to maintain multiple copies of the same extract or workbook from a single database. So, if you think you need RLS based on the scenario described above or something else, let’s take a look at row-level security from a high level to see if it is appropriate for your situation.

What Does RLS Do and How Does It Work?

RLS provides the ability to have one object (a dashboard, workbook or data source) provide different data to different audiences. We can avoid creating similar versions of the same object (e.g., a South Region Sales Dashboard and a North Region Sales Dashboard).

An RLS solution in Tableau will reference an attribute of the logged-in user, usually their Username or one of their Group memberships, and then filter the data down to what that user or group should see based on logic the developer has implemented. Sometimes, a table with attributes about your users is joined to your data to help support this logic; this is called an Entitlements table, and we will talk about this in the next post.

Consider the Big Picture

If we zoom out a bit, we can think about three levels of security in Tableau:

  1. Access to a Tableau Server Site
    • Anyone on the site gets the full experience of a dashboard, workbook or data source.
  2. Object-Level Security Using Projects
    • Applied to Projects, Workbooks or Data sources on Tableau Server/Online
    • Anyone in permissioned group(s) or specifically permissioned individuals gets the experience described by the permissions. They will see all the data in a data source or workbook.
    • Can depend on how content is organized into Projects
  3. Row-Level Security (RLS)
    • Each user or group of users can get a different dashboard experience.
      • Different users will see different portions of the data.
    • Applied within a data source (best-practice) or workbook
    • Will still want to consider and use object-level security, most likely

The last point is critical: A good RLS solution will consider both row-level and object-level security. A lot of the time, this is as simple as a specific workbook or data source only being relevant for one area of the business, thus denying permissions for all other areas, but it can get more complex. Added complexity usually comes from large scale user bases and different levels of permissions being included.

If you think you might just need object-level security, check out Igor’s blog, Tableau Server Permissions: A Complete Guide.

If it is sounding like you need some guidance around row-level security, go ahead and keep reading the two following blog posts where we walk through the core building blocks of RLS solutions and basic implementation patterns.

Tableau’s Upcoming Centralized Row-Level Security

Tableau is expected to include Centralized RLS only through Tableau Data Management in an upcoming release. This will allow RLS policies to be implemented on the Server in a single location. All the components we will mention in this blog series should retain their relevance, but the process to implement and maintain these solutions should be even easier! Keep a lookout for another blog when we get our hands on it.

A Quick Note on Other Security Options

If you are considering providing different column access (column-level security) in a data source to different users, note that Tableau does not support this functionality. We recommend handling this functionality in the database itself.

If there are requirements to keep the data separate in the database, bringing the data together in Tableau and using RLS to manage access may not be appropriate.

Trusted Advice from Tableau Experts

And if you find yourself with more RLS questions or are not quite sure what considerations to weigh, reach out! We’re ready to guide you through this decision-making process, help you navigate your current implementation and explore and understand the best options are for your situation. Let us know how we can help, and check back soon for the next installment in this blog series!

More About the Author

Grant Eisenmenger

Analytics Consultant
Do I Need Row-Level Security (RLS) in Tableau? “Do I need row-level security (RLS) in Tableau?” This question, or a version of it, is brought to us often. RLS can seem ...
Introducing InterWorks Translate, Our DataDev Hackathon Project At InterWorks, we have always been a group of tinkerers. Near the end of last year, we had the opportunity to launch the Amazon ...

See more from this author →

Subscribe to our newsletter

  • I understand that InterWorks will use the data provided for the purpose of communication and the administration my request. InterWorks will never disclose or sell any personal data except where required to do so by law. Finally, I understand that future communications related topics and events may be sent from InterWorks, but I can opt-out at any time.
  • This field is for validation purposes and should be left unchanged.

InterWorks uses cookies to allow us to better understand how the site is used. By continuing to use this site, you consent to this policy. Review Policy OK

×

Interworks GmbH
Ratinger Straße 9
40213 Düsseldorf
Germany
Geschäftsführer: Mel Stephenson

Kontaktaufnahme: markus@interworks.eu
Telefon: +49 (0)211 5408 5301

Amtsgericht Düsseldorf HRB 79752
UstldNr: DE 313 353 072