Upload
others
View
7
Download
0
Embed Size (px)
Citation preview
Welcome
Data level security with Tableau Desktop
Douglas ChopeSales Consultant
Tableau – SLED
(571) 338 9728
# T C 1 8
• Douglas Chope: [email protected]
I have spent much time thinking about security – hence the grey hair. I look forward to
an ongoing dialogue on best practices safeguarding your
data in Tableau.
Agenda
• Data Security & The Three Other Tenets Of Security
• Tableau Desktop Centric Approaches• Hybrid Live Connection & Extract • Hybrid DBMS – Tableau Row Level Security• Row Level Security with Tableau 2018.3• Aggregation, Blurring, Recoding, Redacting
• Tableau Server• Published Data Sources• Data Authentication
Authentication LOCAL | ACTIVE DIRECTORY | SAML/KERBEROS/OPENID | TRUSTED TICKETS
Authorization SITE ROLE | DEFAULT & CUSTOM PERMISSIONS | INHERTITANCE & OVERRIDE
Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY
Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST MODEL
Compliance SARBANES-OXLEY | SOC 2 REPORT | EU-US PRIVACY SHIELD
Security & Compliance
Leverage existing technology standards to securely manage the platform
Data level security with Tableau Desktop
Thank You For AttendingPlease Reach Out Anytime To Collaborate On Best Practices
Douglas Chope
Sales Consultant
Tableau
(571) 338 9728
RELATED SESSIONS
Tuesday, October 23Implementing Tableau Server Security10:45am – 11:45pm | MCCNO – L2 - 240
Tuesday, October 23Big Easy Data Security 4:00 – 5:00pm | MCCNO – L2 - 297
Thursday, October 25Tableau Server Security in Depth 4:00 – 5:00pm | MCCNO – L3 - 351
Please complete the
session survey from the My
Evaluations menu
in your TC18 app
Core Requirements: Internal Data Collaboration & Public Reporting
Core Requirement Tableau Approach
Restrict PII data Live Connection &
Extract
Prevent the possibility of identifying
individuals within aggregated data
Business Rule Logic in
Calculated Fields
Personalize data to individuals by role Row Level Security
Data Collaboration & Transparency Tableau Server
Risk: Identifying Individuals Within Aggregated Data --- The Small N Problem
Source: Data Quality Campaign: Understanding Minimum N-Size and Student Data Privacy: A Guide for Advocates June 2017 (pg 2)
Demo: Data Recoding & BlurringReporting %, Range Bins, Rounding, Aggregating
Demo – Use of Sets To Suppress Data
Demo – Suppress All Cells In A Row If Any Of The Cell Values Are Below The Minimum Threshold
Row Level Security Options
Source: Russ Goldin Tableau Sales Consultant; Tableau Stories v2.0
Data Row-Level Security: 3 Options
1. Completely managed by database - AUTOMATED
1. Must use Live connections
2. All end users must exist in database
3. End users log in as themselves to the database
2. Hybrid which leverages a user security table in the database, criteria enforced in the “WHERE” clause in Tableau - AUTOMATED
1. Live or Extract
2. Leverage Data Server
3. Use Data Source Filters
1. username()=[user column from security table]
2. Calculated field based on username()
3. Filter is always enforced in “WHERE” clause but transparent to end userKnowledge base article
3. Completely managed in Tableau - MANUAL
1. Live or Extract
2. User Filters built and applied per workbook or datasource
Be
st P
ract
ices
Do you have an EDW?
Yes?
Do you already have DB credentials for each user?
Yes?
Option #1
No?
Do you have a security mapping table?
Yes?
Option #2
No?
Option #3
No?
Row Level Security: Decision Tree
In Conclusion - Best Practices
• Leverage the Power of Tableau Desktop to Aggregate, generalize, mask and redact data
• Follow Tableau guidance such as outlined in the Security Hardening Checklist
• Apply all applicable data security in Tableau AND the Database
• Dynamically leverage Live Connections for sensitive data in combination with Extracts for less sensitive data
• Restrict individual users from specific data rows and columns based on a field (role and/or username)
• Published Data Sources, Data Server and the governance of Tableau Server