Tableau Tutorial for Beginners: Tableau Server & Tableau Online Permissions: Part 1

0:00Hey it is Tim here. Today we're finally

0:02doing it, we're getting started on Tableau

0:04Server. Yes,

0:05this is probably the most requested topic

0:08in general on my channel. Everyone always

0:11asks

0:11about Tableau Server and for a long time I

0:13've actually held off doing it because

0:15Tableau Server is a tricky topic to cover.

0:18So what I thought we'd do today is start

0:20with the most

0:21basic and probably the most asked question

0:23about Tableau Server which is Tableau

0:25Server permissions.

0:26Now this is very much a part one of the

0:28video and I kind of need your help to

0:30inform part two. So

0:32if you watch this video and there's

0:33something missing let me know in the

0:35comments below because

0:36that will be helping inform where we take

0:38part two of this video. In part one this

0:41video what I want

0:42to do is cover the basics. Make sure that

0:44you understand the fundamental principles

0:46that work

0:47behind permissions in Tableau Server or

0:49Tableau Online. Now these principles apply

0:52to both

0:53products it doesn't matter whether you're

0:54using Tableau Server or Tableau Online.

0:56There are going

0:57to be some nuances and we'll cover that

0:59later but in this first video we're just

1:01going to level the

1:02playing field for every single Tableau

1:03Server and Tableau Online setup and just

1:05assume that we all

1:06have the same setup and we are going to go

1:09and cover how Tableau Server evaluates

1:11permissions.

1:12All right let's get stuck in. Okay so the

1:14first thing I want to do is just to talk

1:16very briefly

1:17about what we mean by permissions. In short

1:19permissions control what you can and can't

1:21do

1:22on the server. Now if you work in an

1:24enterprise setup governance is an important

1:26part of that

1:27setup and so being able to control who can

1:30see what and what they can do with that

1:32access is

1:33really really important. Now at the same

1:35time you want to be able to manage this at

1:37scale so you

1:38don't want to have to sit there and

1:39manually configure it for each and every

1:41individual

1:42person as they join or get access to the

1:44server. So there's also some elements of

1:46this which talk

1:47about people's roles and when we talk about

1:49roles we're talking about the level of

1:51access at a high

1:52level that someone has. For example are

1:54they a viewer, are they a creator, are they

1:57a site admin,

1:58are they a server admin. These are

2:00typically known as roles and roles pretty

2:03much set the

2:04foreground for how your permissions work.

2:06Now if we start at the very top you've got

2:08someone like

2:08a server admin who is pretty much the boss

2:11level access and they can access pretty

2:13much everything

2:14on the server. There are a few nuances for

2:16this but again we'll cover this in another

2:18video.

2:19The next level down is the site admin. Now

2:22the site admin has access to a particular

2:24part of

2:25Tableau server or Tableau Online. Now if

2:27you have Tableau Online you typically tend

2:29to only have

2:30access to a single site and so that means

2:33the site admin is also the server admin in

2:36that case

2:37and the server admin for Tableau Online

2:39doesn't have to do any sort of back-end

2:41tasks. So in many

2:42ways Tableau Online tends to only really

2:45have site admin level access and the admin

2:47at that level is

2:49pretty much going to be managing things

2:50using the interface. They don't have any

2:52access to the AWS

2:53server that Tableau are running Tableau

2:56Online on. However on Tableau server the

2:59server admin has

3:00some additional tasks. They also have to be

3:02able to do things like install or upgrade

3:04the server

3:05and so as well as having the ability to go

3:07into multiple sites on the server they can

3:09also log

3:10into the back end of the server and carry

3:12out a few tasks. Now sometimes this tends

3:14to be a group

3:15of people it's not just one person because

3:17of course someone goes on holiday you want

3:19to be

3:19able to cover them. So again I'm not going

3:21to dive into this too much I don't want to

3:23sort of get

3:24into the weeds about how roles and

3:25licensing works but I just want you to have

3:27that general context

3:28because it's important for what we're about

3:31to cover next. The next level down from a

3:32site admin

3:33is a project owner essentially someone who

3:35owns a particular project and if I go over

3:37here to

3:38Tableau Online you can see that if I go to

3:40my explore folder here you'll see that each

3:43one of

3:43these folders is essentially a project. If

3:46I open this up you'll see that a folder is

3:48essentially

3:49got the same icon as a project. So a

3:51project owner is someone who has control

3:53over one of these

3:55spaces. Now in more recent versions of

3:57Tableau Online and Tableau server you could

4:00actually

4:00create nested projects. What do I mean by

4:02that? Well if I click into this you'll see

4:04that I have

4:05another folder that's essentially a folder

4:07inside of a folder which means it's a

4:09project inside of

4:10a project which makes it a nested project.

4:12Now after you've got projects you have

4:15content so

4:15once you basically start to sort of

4:17navigate through all the content you have

4:20things like

4:21workbooks, prep flows, data sources. Now

4:24these are typically put there by what we

4:26know as content

4:27owners. So content owners are the people

4:30who've actually created the content they

4:32tend to have

4:32the creator license. Now that's not

4:35technically always true but again we'll

4:37leave the technicalities

4:38out of this video and we'll just assume a

4:40level playing field. So a creator will

4:42publish content

4:43onto Tableau server or Tableau Online from

4:46Tableau Desktop or Tableau prep or even web

4:49edit or Tableau

4:50web authoring and when they publish content

4:52what they're really doing is saving that

4:54content into

4:55a project and so that makes them the

4:57content owner and that content owner

4:59capability has a level of

5:01access over every other sort of permission.

5:04The next level down is pretty much who you

5:07are in the

5:07organization so if you're just someone who

5:09's been given access to look at reports you

5:11'll either be

5:12something which is an explorer or a viewer.

5:14Now the difference between explorer and

5:16viewer it's

5:17again another sort of technicality I'm

5:19going to leave out of this video yes there

5:21's a few

5:21technicalities I'm skipping by because it

5:23'll just make the video too long but

5:25nonetheless

5:26explorers and viewers get access to access

5:28content. Explorers have a bit more access

5:30they can

5:30do things like they can start to create

5:32content where the explorer can publish

5:34license type

5:35but they can also do things like navigate

5:37certain aspects that haven't necessarily

5:39been made

5:40available to viewers. An explorer for

5:42example can download detailed summary data.

5:46Detailed summary

5:46data that doesn't make sense but they can

5:47essentially download the detail behind

5:49summary

5:49data that's a better way to put it and so

5:51those are the typical levels. Now the

5:53reason I've gone

5:54through that in that order is because I'm

5:55going to be referencing them throughout

5:57this video so

5:58it's really important to cover them up

5:59front and as I start to reference them you

6:01'll know roughly

6:02what I'm talking about. If you're thinking

6:04about well how can I find out what these

6:06permissions

6:07and roles are if you head over to the

6:09permissions tab in fact let's not do that

6:11if you just say

6:12tableau server roles let's just do that you

6:15'll get this list and it's actually a pretty

6:19well-defined

6:20list if I go down here you'll see that you

6:22have server admin site administrator

6:24creator and then

6:25you have site roles which use an explorer

6:28license which is a server admin again site

6:32admin explorer

6:33and essentially goes down the list viewer

6:35unlicensed and so on and so forth but it

6:37doesn't

6:37include the content owner and stuff like

6:39that because that ends up being applied to

6:41the content

6:42model whereas the roles typically stop at

6:44the roles of access that you have to table

6:47au server.

6:47So again I don't want to get into the weeds

6:49let's go back to our original view and here

6:51we are we

6:52have our content now when you get to the

6:55content you start to actually you know work

6:57with permissions

6:59and the first real person that has sort of

7:01this influence is either the project owner

7:03or the

7:03content owner and they can essentially

7:05apply permissions to content. So how do we

7:07apply

7:08permissions to content? Well it's pretty

7:10easy there's one of two ways you can either

7:11do it

7:12when you publish content or you can do it

7:14by just putting content in a folder and

7:16then that content

7:17will assume the permissions of that folder.

7:19So let's take a look at this metrics folder

7:21here

7:21you'll see that I'll click on these three

7:23dots here I'm just going to click on these

7:24three dots

7:25and when I click on them there you'll see

7:28that I do get this ability to open this

7:30drop down and

7:31there's a permissions options right there.

7:33So if I click on the permissions option

7:35there you'll see

7:35that I get this interface and this

7:37interface is actually broken down into

7:40several areas. Now

7:41I've called this folder metrics it doesn't

7:43necessarily mean that there are only

7:45metrics

7:46here I could put other content in here but

7:48the key thing I want to call out here are

7:50these

7:51sections here at the top. So let's just go

7:52through the anatomy of the permissions

7:54window so you can

7:55understand this better. The permission

7:57window always essentially reacts to the

8:00level of access

8:01that you're at so at this at this level

8:03that I'm at I've gone into a folder which

8:05is essentially a

8:05project and you can see the tab is

8:08currently highlighting projects. Now it's

8:11only really

8:12responding to projects and if I then go and

8:14click on say workbooks you'll see that it

8:17changes and I

8:17get a few more of this sort of matrix in

8:19this grid and then if I go to data sources

8:22I get even less

8:23but this time it's got different icons and

8:25you get the idea have roles flows lenses

8:28and finally

8:29metrics which is actually what I was trying

8:30to create. So these are different content

8:32types and

8:33each of them has a different set of

8:34permissions that you can control. So it's

8:36important to bear

8:37in mind that when you click on a project

8:39when you go into any permissions it doesn't

8:41necessarily

8:42mean that you're only changing the

8:44permissions for that particular thing. In

8:46this case I've clicked

8:47on a project so that doesn't mean I'm only

8:49changing permissions for this project. The

8:52reason

8:52that is if I go back to the top level here

8:54and I just highlight something to you you

8:56can actually

8:57lock permissions down to a project level.

9:00So let's go ahead and select edit here and

9:03you can see that

9:04I have the flexibility and capability to

9:06say that any permissions that I apply here

9:09at the project

9:10level are actually propagated down to all

9:12the content and everything inside of the

9:15project.

9:15That can also include subfolders so sub

9:18projects or nested projects as well. So

9:20that's why I

9:20mentioned that earlier on and so if you

9:22want to do that that's actually quite good

9:24because it

9:24avoids mistakes happening it avoids an

9:26author publishing something up and

9:28accidentally ticking

9:30the wrong box and enabling something for a

9:31group of users they shouldn't have enabled

9:33it for or

9:34maybe just forgetting to set things

9:35properly inside of the workbook. By doing

9:37this you can kind of make

9:38sure that only the right people who are

9:40supposed to see something can actually see

9:42it. I'm not going

9:43to do that here though I'm just going to

9:45close this we'll maybe make a separate

9:46video on just this

9:47but I just wanted to give that overview

9:49before we move on. Now because here I'm on

9:51projects you can

9:52see that I only really have two options I

9:54have the view options and the save options

9:57and if we hover

9:58over these it actually tells you exactly

9:59what they are. So if I hover over this it

10:01says view and if

10:02you hover over this one the save icon it

10:04means publish. So essentially what these

10:06two permissions

10:07are doing is controlling who can see the

10:09project and who can publish to the project

10:11and you can see

10:12that at the moment all users have the

10:14ability to publish to the project and I

10:17also have myself here

10:18as an administrator so you can see that I

10:20also have the ability to see and publish to

10:23the folder.

10:24Now this is a really really nice sort of

10:26part of the tableau interface because it

10:28essentially tells

10:29you what permissions are being applied and

10:31it's actually where you add permissions

10:33yourself so if

10:34you wanted to add an additional group of

10:36users you could just go to this little box

10:38here click it and

10:39if I go ahead and do that now you'll see

10:41that I get an interface I am able to choose

10:43from a drop

10:43down of different groups and or people and

10:46I can essentially give them a specific

10:49access. I can also

10:50you know go and select a group and once I

10:53've done that if I go down to this drop down

10:56I'm able to

10:56then select whether I want to allow them to

10:59have a preset so publish will only of

11:01course let them

11:03see and publish to the folder if I just

11:05select view it will let them see the

11:07project but it won't

11:08let them save content to the project and

11:11then none is essentially removing the

11:13permissions and then

11:14denied is essentially blocking those things

11:16and so you're probably wondering well what

11:19's the

11:19difference between none and denied okay

11:21well let's just park that for a few minutes

11:24I'll come back to

11:25that in a second because it's really

11:26important to finish the rest of this

11:28interface before I explain

11:29the permissions flow we'll come to that in

11:31a second so I'm just going to leave it as

11:33none

11:33I'm gonna in fact in this case if I leave

11:36it as none you see the save option is gray

11:38ed out because

11:38I technically haven't changed the

11:40permissions and so what I actually have to

11:43do is set something

11:43like denied and then that will work now

11:46because I'm a server admin I'll still be

11:48able to see this

11:49so even if I deny myself even though I'm in

11:52the group a new group one if I actually

11:54click on it

11:55you'll see that the viewer version of

11:57myself is in there I'm actually still able

11:59to see it as an

12:00admin as well as a separate user so we don

12:02't have to worry too much about that but we

12:03'll come back to

12:04the difference between none and denied in a

12:07second now the last thing you can do is you

12:09can test

12:10permissions and that's what this bottom

12:12half is for so if we highlight this here

12:14you'll see

12:14effective permissions and in here we can

12:17essentially type a group and type a set of

12:19users

12:20and we can see what permissions are being

12:22applied to them so if I go ahead and just

12:23type my name

12:24in here and just type in gueno you'll see

12:27there's two versions of me and like I said

12:30to you before

12:31I'm here as a site administrator and I'm

12:33also here as a viewer and you can see that

12:35my viewer access

12:36has two x's which means I can't see this

12:39project and I can't say to the project

12:42under this account

12:44so this is my other account if I was to log

12:46in I wouldn't be able to see all published

12:48content to

12:48this folder if however I log in as a server

12:51admin you can see that actually I can see

12:54and publish

12:55to this folder okay so again this is really

12:57really quite simple and if you've got a

13:00really complex

13:01project and a complex set of permissions

13:02this is a great way of just checking that

13:04those permissions

13:05are working sometimes you can set your

13:08permissions up here in this space and you

13:10think you've got

13:11everything locked down and you'll go down

13:13to this section and you'll test your

13:14permissions and you

13:15realize someone still can't see something

13:18or someone can still see something and so

13:20that's

13:20a big indicator that they've got

13:22permissions elsewhere either as a server

13:24admin as their role

13:25or as a content owner and that is actually

13:28what's changing what level of access they

13:30have but

13:31nonetheless let's sort of move on from this

13:33we'll come back to this in a second when we

13:35look at

13:36workbooks data sources and data roles but

13:38the next most important thing to evaluate

13:41is what is

13:41the difference between all these ticks for

13:44example so if I was to go in here and

13:46select none what is

13:48the difference between having no

13:49permissions for something being denied

13:51permissions for something

13:53and how does Tableau evaluate let's say I'm

13:55in two groups one which has a ability to

13:58see something

13:59and one which has been denied access to see

14:01something how does Tableau choose which one

14:03to

14:03evaluate first for that I want to take you

14:06to the permissions documentation by Tableau

14:08now I'll put

14:09a link to this in the description below I

14:11'll also put it up on screen but in essence

14:13this is a really

14:14really handy guide and if you scroll down

14:15it goes through many of the things I'm

14:17going to cover in

14:18this video and I'll cover in subsequent

14:20series okay and there's a whole bunch of

14:22things in here

14:23but the reason I want to jump straight to

14:25this second tab here is essentially the

14:27effective

14:28permissions and how Tableau evaluates the

14:30role so let's let's make this really really

14:32large on screen

14:33and make sure that you can see it very very

14:35easily so let's just do this and you can

14:37see here that

14:38it's a very sort of simple diagram and so

14:41in any situation when Tableau is evaluating

14:44the permissions

14:45for any content this is essentially the

14:47simplified model of how it works okay so

14:49the first thing

14:50you'll see it will do is it will evaluate

14:52whether you're trying to do something that

14:54's outside the

14:55scope of your role so let's say I'm a

14:56viewer and I'm trying to access some

14:58content that a server

14:59admin should be able to access and I go to

15:01look at that content the first thing Table

15:03au server will

15:03do is I'll actually check that first it'll

15:05say hey is the capability you're trying to

15:07access

15:08outside of the scope of a viewer in this

15:10case and if the answer is yes then

15:12unfortunately I'll be

15:13denied access to do that if however I try

15:15and do something that a viewer should be

15:17able to do then

15:17of course it will let me do that and I can

15:20actually move on to the next question so it

15:22's sort of a

15:23weird way of asking it so if I'm trying to

15:25do something outside of my capability the

15:27answer

15:28to that is yes then it'll block me if not

15:30you'll go to the next question the next

15:32question is

15:33actually whether I'm an admin or a project

15:35leader so if I'm a server admin or site

15:37admin or something

15:38like that well that gives me the access so

15:40if yes it will allow access if I'm a

15:42project leader I own

15:44one of those projects then again I'll be

15:46given access to that okay the next most

15:48important check

15:49is whether you're a content owner so let's

15:51say you're not a server admin you're not an

15:53admin or

15:54a project leader the next thing it's going

15:55to check is whether you own content so if

15:57you published and

15:58created the content well of course you

16:00should have the ability to see that content

16:02so this is

16:03essentially an explicit permission

16:05exclusively for orders of content just to

16:07make sure that

16:08when they publish content they have sort of

16:10full access to do whatever they need to do

16:12for their

16:12content now if they were happening to do

16:15this inside of a project where the

16:17permissions were

16:18locked then in fact this permission here

16:20would get a little bit more complex and

16:22there's a separate

16:23diagram for that which I'll show you in a

16:25second but nonetheless the content owner

16:27here typically

16:27tends to have access to their own content

16:30okay now the next thing is if you are not

16:33the content owner

16:34then are you denied as a user so the first

16:36thing is then going to check having gone

16:39through these

16:39three sort of role-based permissions is

16:42then to figure out well look have you been

16:44denied access

16:45has someone said that you shouldn't see

16:47this okay so notice that it asks that first

16:49it asks first

16:51whether you've been denied access which

16:53means if we go back to our previous tab

16:55here and we were

16:57to go back to all users here and we thought

16:59we were doing a safe thing by denying

17:01everyone access

17:02to the server like this and then we went

17:04and then added a specific group like data

17:06rockstars into

17:08this group and we gave them publish

17:10permissions what do you think would happen

17:12here well hopefully

17:13you answer that question but in essence the

17:15data rockstars would still not be able to

17:18publish or do

17:19anything because they have been denied

17:21access remember in this flow it first

17:24checks whether a

17:25user has been denied access and if they

17:28have it denies them immediately it doesn't

17:31go on to the

17:32rest of the flow to check whether they've

17:34been allowed access so that's a super

17:35important

17:36distinction i can't tell you how many times

17:38whilst working as a consultant this has

17:40been the simple

17:41fix for lots of permission errors someone

17:44has you know gone in here and smashed the x

17:46because they

17:47don't want to make a mistake but actually

17:49what they've done is locked pretty much

17:51everyone okay

17:52out so what you can do instead is if you

17:54want to do this you'll actually go to all

17:56users and give

17:57them no permissions i'll save that and i'll

17:59explain why giving them no permissions is

18:02almost the same

18:03as denying them permissions but it works in

18:05a slightly better way so let me go back to

18:07the

18:07permissions flow and let's finish working

18:09through okay so we've checked whether the

18:11user is allowed

18:12access if they're denied then of course we

18:14'll deny them if they're allowed then it

18:15will give

18:16them access so if let's say i was to go

18:18back to this view and i was in the data

18:21rockstar group

18:22but i'd been specifically denied access so

18:24let's save that as a data rockstar group so

18:27let's say

18:27the data rockstar group has been denied

18:29access but then i go and add the other

18:31version of myself

18:33this this version here and i go and give

18:36them publish access so you can see here

18:39that even

18:40though tim here is in the data rockstar

18:42group you'll see that actually what's going

18:45to happen

18:45because of this workflow is that it's going

18:48to check first if the user is allowed

18:50access

18:50so i can technically block a group and then

18:53explicitly add permissions for a single

18:55user

18:55in that group give them access to something

18:58and it will still work because tableau will

19:00check

19:00first for the permissions for a user before

19:03it checks them for a group so you can see

19:05here if

19:05the user is allowed access it allows it

19:08okay so the next thing to check is okay

19:11after that

19:12it finally starts to check the group

19:13permission so first it checks whether the

19:15user is part of

19:16a denied group if they are in a denied

19:17group then it will deny them access and if

19:20they're in an

19:20allowed group it will allow them access

19:22okay and very very finally very finally if

19:25they have no

19:26permissions whatsoever if they've gone all

19:28the way through this tree and they still

19:30don't have

19:31any sort of permissions then of course it's

19:33going to by default deny them access which

19:36is why earlier

19:37on when i looked at this page i told you

19:39that listen by giving all users the none

19:42template

19:42essentially if tableau can't find the

19:45permissions for a user by default it denies

19:47them access anyway

19:48okay so you don't need to sort of worry or

19:51stress about that you can the safest thing

19:53you can do is

19:54actually just remove access for everyone

19:56and essentially no one can see anything

19:57rather than

19:58going gung-ho and sort of blocking access

20:00for everything and because you think it's

20:02the safest

20:02way to do that so that permissions flow is

20:04super super important it's a very simple

20:06flow that you

20:07can work through and you can also use it

20:09for troubleshooting because it does of

20:10course get

20:11a little bit more complex and actually

20:13tableau sort of acknowledged that in this

20:15diagram because

20:16if we keep scrolling down you'll see there

20:18is actually a slightly more uh uh sort of

20:20complicated

20:21version of the same workflow and what this

20:23does is it works at multiple levels it also

20:26looks at

20:26content it looks at site roles and it

20:28basically looks at everything that's going

20:30on and so if we

20:31go through this one we can sort of evaluate

20:34this in a little bit more detail so let's

20:37take this to

20:37level two and really try and sort of

20:40understand what's going on so first thing

20:43we do is we

20:43actually start here we always start here at

20:45the top on the left it's the simplest way

20:47to sort of

20:47evaluate the workflow so again it checks

20:49the capabilities outside of the role okay

20:51we've done

20:51this and this section here looks pretty

20:54similar to what we saw before but this is

20:56where things get

20:57interesting okay after we've checked

20:59whether the person is an admin or a project

21:02leader and the

21:02next thing thing it's going to ask is

21:04whether the permissions are locked to the

21:06project now remember

21:07earlier on i said that if i went back in

21:09here and i selected the edit option just

21:12here if i went into

21:14that i could lock the permissions to the

21:16project here at the top and if i do that

21:18you see you get

21:18this warning saying project permissions

21:20will be applied to all content and all

21:22nested projects in

21:24metrics when you save now when i do that

21:26this workflow is probably more appropriate

21:29because

21:30if it is locked to the permissions lots of

21:32the project it can't go evaluating the flow

21:35as it

21:35was because of course what i've done by

21:37locking the permissions to the project is i

21:39've potentially

21:39overwritten any other permissions that were

21:42embedded in content put into that folder or

21:46in

21:46subsequent sort of levels and settings that

21:48maybe for example a content owner could

21:51have published

21:52so if the permissions are locked to the

21:54project then it will then go through here

21:57and check well

21:57are you the content owner for this content

21:59and if you are the content owner it will

22:01give you access

22:02there is an exception there but again i'm

22:03keeping this simple let's just keep moving

22:05and then having

22:06checked if you're a content owner it will

22:08then go and see okay well let's check this

22:10at a project

22:11permission level and ask are you denied as

22:13a user if yes then it will deny you are you

22:15allowed as a

22:16user allowed and denied as a group denied

22:19allowed as a group allowed and then as we

22:22go through here

22:23he goes no and everything comes out of this

22:26end however if the project permissions are

22:28not locked

22:29to a project so if this tick marks here is

22:31the same as it is now then when we go back

22:34to this

22:34workflow we go to the right it checks again

22:36to see if you're a content owner and if you

22:39are it allows

22:40you access so in many ways this permission

22:43and this permission are kind of doing the

22:45same thing

22:46they're just two different branches and

22:48what we then do is we go to this next

22:49question which is

22:51permission rule on view okay so the

22:53permission rule on the view is actually

22:55something sort of

22:56very niche i'm going to skip it for this

22:58particular video because um i need to just

23:01show you this

23:01example and i haven't got a an example set

23:04up and i think it would take a bit more

23:06time so i'll do a

23:07separate video just on that but essentially

23:09it's asking whether you've got specific

23:11permission for

23:11a view in a published sort of environment

23:14okay and if you have the permissions for

23:17that and then it

23:18goes down and then it will check all these

23:20other permissions okay now if no then it

23:23asks if you

23:23have a permission rule on a workbook data

23:25source of flow so essentially what it's

23:27doing is it's

23:28going through the individual bits of

23:30content and it's checking whether you have

23:32permission

23:33to that thing and once you do have a

23:34permission to that thing it's evaluating

23:37what permission you

23:38have so you can see that every time it says

23:40yes um along sort of this bottom row it's

23:43essentially

23:43throwing you out the same check it would

23:46have done anyway um for the user then the

23:48group and so um

23:50it's really important to sort of

23:51acknowledge that look when you lock content

23:54to a project um in in

23:56some ways it's sort of simplifying the

23:57permission model because you don't have to

23:59go hunting round

24:00to figure out what permissions are working

24:02however if you don't do that then

24:04essentially what it has

24:05to do is for each individual item it has to

24:07evaluate the level of access that you have

24:10and

24:10check that what that's doing now that's not

24:12going to eat up resources look this all

24:14happens in the

24:15flash of an eye it's not like the kind of

24:17thing where you know adding more complex

24:19permissions

24:20going to make it sort of slower or anything

24:22like that it all happens very very quickly

24:25and it's evaluated very easily by the table

24:27au server but nonetheless i think it's an

24:29important

24:29workflow to understand to be able to

24:31troubleshoot so those are the effective

24:33permissions and this is

24:34how they're applied now to end this video i

24:36'm just going to go back and we're just

24:37going to finish

24:38this setup so you see here i'm still

24:41looking at the permissions at the metrics

24:44level so i clicked

24:45on the three dots and went to the

24:46permissions for the metrics folder and you

24:49can see that in here

24:50i can of course go in and set some

24:52permissions across the whole entire

24:56folder and again this is all related to

24:58this metrics folder if i close this down

25:01and i go

25:01into the metrics folder you'll see that i

25:03have a bunch of metrics in here and so if i

25:05click on the

25:06three dots here and i go to permissions you

25:08can see that now i'm inside of the

25:10permissions

25:11specifically for this metric and notice

25:14that i have a lot less going on i don't

25:16have that tab

25:17here across the top which is showing me the

25:19different levels of content and so as you

25:21go

25:22further into a project or as you engage

25:24more with content and you try and edit

25:26their individual

25:27permissions you obviously lose more of a

25:29high level of control because you're

25:31getting more

25:32and more niche into a particular thing and

25:34so each of those things will have its own

25:36set of

25:36permissions so let's take a look at a few

25:37of those and see what they look like so

25:39this is what the

25:40metrics permissions look like if i was to

25:43go back go back out of this and if i go

25:46back to the 2020.2

25:47release i think i do have some data sources

25:49so let's go to this data source here i'll

25:52click on

25:52permissions and you can see that here i get

25:54the data source set of permissions here

25:56they're very

25:57different they are the what are these the

26:00view the connect the download data source

26:03overwrite move

26:05delete and set permissions now i will say

26:08very briefly this set permissions is super

26:11dangerous

26:11because essentially you can give someone

26:13access to change their own permission so be

26:16super careful

26:16with that setting and who you give it to

26:18but nonetheless again these are the data

26:20specific

26:21settings now if i go back out and i go to

26:23viz for example this one and i go to

26:26permissions

26:27you'll see that again i get a different set

26:29of permissions i don't get that little tab

26:31across

26:31the top because i'm now in the workbook

26:33permissions so in the workbook permissions

26:35we have probably the

26:36most complicated set of permissions because

26:39of course this is the most sort of fleshed

26:41out part

26:41of tableau and so it's added all these

26:43controls over the years and they're

26:45generally broken down

26:46into a bunch of areas now you can sort of

26:48play around with these templates because of

26:51course the

26:51templates i showed you earlier were

26:53specific to the project if i click on this

26:55drop down you can

26:56see there's actually a few more templates

26:58so if i for example select the explore you

27:00can see that it

27:00gives pretty much all of these settings now

27:03these are kind of matching the roles so

27:05explorer for

27:06example would be able to do all of this if

27:09i go down and just select view this is sort

27:12of

27:12simulating what a viewer would be able to

27:15do that's strictly not always true but

27:17generally speaking

27:18that's how you can sort of assume it works

27:20if i hit publish i get this sort of hybrid

27:22which is

27:22essentially what an explorer can do as well

27:25as this information here so i can go in and

27:28download

27:29and save a copy of the workbook i can set

27:31um i can overwrite the content and i can

27:34also create and

27:35refresh metrics myself okay and then the

27:37very last thing is administer which gives

27:39me everything for

27:40this content so if i give someone the

27:42ability to administer a piece of content

27:44they can also change

27:46these permissions for the content

27:47themselves okay so i'm not going to change

27:49those i'm going to go

27:50back in here and i'm going to set this to

27:52none as i suggested earlier if i delete the

27:54rule then it

27:55actually just disappears okay and it just

27:58doesn't do anything but i can go ahead and

28:01set this up and

28:01just give everyone um i give everyone view

28:03access actually as a simple one because i'm

28:05on this

28:06server and this is this is all going to be

28:09fine okay so as a starting point i really

28:11hope this

28:12has given you some sort of overview of how

28:15the permissions are evaluated where the

28:17permissions

28:18are and how you can change them now by no

28:20means have i covered every single thing we

28:23didn't go

28:23into groups we didn't go into users we didn

28:25't go into any of that we just kept it

28:27focused on

28:28permissions itself but hopefully this video

28:31has been enough to get you started and

28:33understanding

28:34where potential permissions issues might be

28:36okay so this is the point where i need your

28:39help we

28:40need some sort of scope for the next video

28:42because the problem with permissions you

28:45can take it

28:45literally anywhere and so what i will do is

28:47i'll pledge to make the next permission

28:49video within

28:50the next month or two but in order to do

28:52that i'm going to be watching the comments

28:54on this video to

28:55see look what are the most sort of needed

28:57questions that need answering when it comes

28:59to permissions

29:00and i'll also sort of open the invite for

29:02other questions on tableau server that you

29:04might be

29:05interested in um i'm going to try and avoid

29:07the back-end tasks just for now i do have a

29:11tableau

29:11server certification uh up for renewal next

29:14year so when i start to go through that i

29:16will make

29:17lots of back-end content for that but for

29:19now i just want to keep things simple and

29:21keep it on

29:22the user interface where to be honest most

29:24people spend their time um most people

29:26looking at content

29:27are going to be managing content as well so

29:30we'll focus on that at least for now this

29:32year and then

29:32next year we can get all hands on i'll even

29:35buy a tableau server and we'll get um sort

29:37of hack you

29:38on aws and do a whole bunch of stuff so

29:40thanks for watching and if you enjoyed this

29:42video be sure to

29:43share it with people and if you found it

29:45useful as well if it's a great resource for

29:47you then i'd

29:47really appreciate a like or subscribe and

29:50yeah i'd really love to know what else you

29:52'd like to see on

29:52the channel so let me know in the comments

29:54be sure to check out tableau tim.com where

29:56i have a host

29:57of playlists that are hopefully helpful

29:59about tableau and other content and yeah if

30:01you'd like

30:02me to make videos about other pieces of

30:03software also let me know what you'd like

30:05those to be

30:06um i'd be interested to know so thanks for

30:12watching i'll catch you in the next one