
Welcome [tc18.tableau.com] · Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST


Welcome


Data level security with Tableau Desktop

Douglas Chope, Sales Consultant

Tableau – SLED

[email protected]

(571) 338 9728

#TC18


• Douglas Chope: [email protected]

I have spent much time thinking about security – hence the grey hair. I look forward to an ongoing dialogue on best practices safeguarding your data in Tableau.


Agenda

• Data Security & The Three Other Tenets Of Security

• Tableau Desktop Centric Approaches
    • Hybrid Live Connection & Extract
    • Hybrid DBMS – Tableau Row Level Security
    • Row Level Security with Tableau 2018.3
    • Aggregation, Blurring, Recoding, Redacting

• Tableau Server
    • Published Data Sources
    • Data Authentication


Authentication LOCAL | ACTIVE DIRECTORY | SAML/KERBEROS/OPENID | TRUSTED TICKETS

Authorization SITE ROLE | DEFAULT & CUSTOM PERMISSIONS | INHERITANCE & OVERRIDE

Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY

Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST MODEL

Compliance SARBANES-OXLEY | SOC 2 REPORT | EU-US PRIVACY SHIELD

Security & Compliance

Leverage existing technology standards to securely manage the platform


Data level security with Tableau Desktop

Thank You For Attending

Please Reach Out Anytime To Collaborate On Best Practices

Douglas Chope

Sales Consultant

Tableau

[email protected]

(571) 338 9728


RELATED SESSIONS

Tuesday, October 23 | Implementing Tableau Server Security | 10:45am – 11:45pm | MCCNO – L2 - 240

Tuesday, October 23 | Big Easy Data Security | 4:00 – 5:00pm | MCCNO – L2 - 297

Thursday, October 25 | Tableau Server Security in Depth | 4:00 – 5:00pm | MCCNO – L3 - 351


Please complete the session survey from the My Evaluations menu in your TC18 app


Core Requirements: Internal Data Collaboration & Public Reporting

Core Requirement | Tableau Approach

Restrict PII data | Live Connection & Extract

Prevent the possibility of identifying individuals within aggregated data | Business Rule Logic in Calculated Fields

Personalize data to individuals by role | Row Level Security

Data Collaboration & Transparency | Tableau Server


Risk: Identifying Individuals Within Aggregated Data --- The Small N Problem

Source: Data Quality Campaign: Understanding Minimum N-Size and Student Data Privacy: A Guide for Advocates June 2017 (pg 2)


Demo: Data Recoding & Blurring

Reporting %, Range Bins, Rounding, Aggregating


Demo – Use of Sets To Suppress Data


Demo – Suppress All Cells In A Row If Any Of The Cell Values Are Below The Minimum Threshold


Row Level Security Options

Source: Russ Goldin Tableau Sales Consultant; Tableau Stories v2.0


Data Row-Level Security: 3 Options

1. Completely managed by database - AUTOMATED
    1. Must use Live connections
    2. All end users must exist in database
    3. End users log in as themselves to the database

2. Hybrid which leverages a user security table in the database, criteria enforced in the “WHERE” clause in Tableau - AUTOMATED
    1. Live or Extract
    2. Leverage Data Server
    3. Use Data Source Filters
        1. username()=[user column from security table]
        2. Calculated field based on username()
        3. Filter is always enforced in “WHERE” clause but transparent to end user (Knowledge base article)

3. Completely managed in Tableau - MANUAL
    1. Live or Extract
    2. User Filters built and applied per workbook or datasource

Best Practices
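Added example (not from the slides): the SQL shape behind Option 2, where a user security table restricts rows in the WHERE clause, run against an in-memory SQLite database. The table names, column names and sample rows are constructed assumptions; the bound `?` parameter stands in for the value Tableau supplies through username().

```python
import sqlite3

# Constructed sample data; enrollment and user_security are assumed names.
SCHEMA = """
CREATE TABLE enrollment (school TEXT, student_id INTEGER, score INTEGER);
CREATE TABLE user_security (username TEXT, school TEXT);
INSERT INTO enrollment VALUES
  ('North', 1, 88), ('North', 2, 71), ('South', 3, 93), ('East', 4, 65);
-- alice is deliberately entitled to North twice (a common mapping-table defect)
INSERT INTO user_security VALUES
  ('alice', 'North'), ('alice', 'North'), ('alice', 'South'), ('bob', 'East');
"""

# Equivalent of the data source filter username()=[user column from security
# table]. EXISTS is used instead of a plain join so that a duplicated
# entitlement row cannot duplicate data rows and inflate aggregates.
RLS_QUERY = """
SELECT e.school, e.student_id, e.score
FROM enrollment AS e
WHERE EXISTS (
    SELECT 1 FROM user_security AS s
    WHERE s.school = e.school AND s.username = ?
)
ORDER BY e.student_id
"""


def open_db():
    """Build the constructed sample database in memory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def rows_for(conn, username):
    """Return only the rows the given user is entitled to see.

    The username is bound as a parameter, never concatenated into the SQL,
    and a user with no row in user_security gets no data (default deny).
    """
    return conn.execute(RLS_QUERY, (username,)).fetchall()


if __name__ == "__main__":
    db = open_db()
    for user in ("alice", "bob", "mallory"):
        print(user, rows_for(db, user))
```

A user who is absent from the security table sees zero rows, so onboarding a user requires an explicit entitlement row.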


Do you have an EDW?

Yes?

Do you already have DB credentials for each user?

Yes?

Option #1

No?

Do you have a security mapping table?

Yes?

Option #2

No?

Option #3

No?

Row Level Security: Decision Tree


In Conclusion - Best Practices

• Leverage the Power of Tableau Desktop to Aggregate, generalize, mask and redact data

• Follow Tableau guidance such as outlined in the Security Hardening Checklist

• Apply all applicable data security in Tableau AND the Database

• Dynamically leverage Live Connections for sensitive data in combination with Extracts for less sensitive data

• Restrict individual users from specific data rows and columns based on a field (role and/or username)

• Published Data Sources, Data Server and the governance of Tableau Server