Use Data Delivery Apply Security to assign security to Tableau workbooks

On this page:

Overview

Data Delivery Apply Security is a tool for assigning read-only access to Denodo views and Tableau workbooks on servers at Indiana University. To begin the process in Tableau, a Tableau workbook publisher constructs and submits a security request, which is then reviewed and approved/denied by a Data Manager (DM), if necessary.

View the objects to which you can apply security

Note:
If you can download a workbook (in other words, if you see the Download Workbook button), that means you have publishing permissions for that workbook.

To see the Tableau workbooks for which you have publisher permissions:

  1. In Data Delivery Apply Security, from the System drop-down list, select Tableau.
  2. From the Environment drop-down list, select the Tableau environment from which you want workbook information:
    • Development: Test Tableau server, dev site
    • Test: Test Tableau server, tst site
    • Production: Production Tableau server, prd site
  3. Under "My Reports", you'll see the list of Tableau workbooks for which you have publishing rights, along with additional information. You'll see each workbook's name, the Tableau project it is in, and whether there are any pending or approved security requests. To find the correct workbook in the list, scan the list or use the "Filter results" box.

    You will also see one of the following two actions associated with each report:

    • The Apply button takes you to the wizard to request new security be applied to the workbook.
    • The View button displays a summary of permissions and their approval status. If you need to apply additional security, click Add security to go to the wizard. To return to your full list of workbooks, click Home in the breadcrumbs.
    Note:
    To reduce the number of workbooks displayed, use the "Filter results" box to filter the results based on text found in either the workbook name or the Tableau project name.

Add security

After you click Apply or Add security, you'll enter a setup wizard that will walk you through the collection of the necessary security information for the appropriate Data Manager (DM) to review your request. Be aware that selections you make in earlier steps of the wizard may alter or limit your available options in later steps.

The setup wizard includes the following seven steps:

  1. Data Classification: Select the most sensitive level of data included in your workbook. This selection will affect the permissions available for you to apply in the wizard's Permissions step. For more about data classification, see Classification levels of institutional data.
  2. Enterprise Data: The selections you make in this step will determine which DM(s) will be responsible for approval of your request. If you select multiple areas of enterprise data, multiple DMs will be contacted for approval. If you don't select any enterprise systems, you'll need to confirm that your report contains no enterprise data before you can leave this step.

    To see which DMs are associated with a particular enterprise system, select the system from the drop-down list; the list of associated DMs will be displayed below. If you need to remove a system, click Remove to the right of the information listed for that system.

  3. Compliance: Select the agreements and tutorials required for people to view your workbook; this is in addition to the specific permissions you'll select in the wizard's Permissions step.
    • The Acceptable Use Agreement(AUA) will be selected by default, because at IU, all non-public Tableau workbooks are restricted to users who have completed the AUA.
    • If you selected one or more enterprise systems in the wizard's Enterprise Data step, you might notice that other compliances have been preselected here. DMs for particular data areas can predefine required compliances for their area; in such cases, you cannot deselect these compliances.
    • If the FERPA tutorial or the HRMS Data Use tutorial options are not preselected, and you believe that viewers of your workbook need to be educated on one of these data policy categories, you may select them.

    Any options you select in this step will be imposed on the groups you select for viewing. For example, if you select FERPA, only users in your group who are up to date on their FERPA compliance will be allowed to view the workbook.

  4. Permissions: Indicate exactly what type of permissions you're requesting. The selections available to you will vary depending on choices you made in the wizard's Data Classification step.
    • Anyone with the URL (Public): This option is available if you set the data classification to Public data and the Tableau workbook is on the production server. If this option is approved, users will be able to view the workbook without needing to complete an IU Login. Each user who accesses the workbook will be recorded as "guest". If you select this option, you won't be able to require any compliances.
    • IU employees and affiliates (University-Internal): This option is available if you set the data classification to Public or University-Internal data. If this option is approved, and no other compliances other than Acceptable Use Agreement has been selected on the wizard's Compliance step, all IU employees (and approved affiliates) who have signed the Acceptable Use Agreement will be able to view the workbook. However, compliance composites are available for this option. If you selected FERPA and/or HRMS on the wizard's Compliance step, only IU employees who are up to date on those tutorials will be able to view the workbook.
    • One or more groups: This option is available regardless of what you selected in the wizard's Data Classification step. When you select this option, you'll need to enter the ACM groups to which you wish to secure the workbook. You can enter multiple groups or create a new group, if desired. Compliance composites are available for this option. If you selected FERPA and/or HRMS on the wizard's Compliance step, only users who are members of a relevant ACM group and are up to date on those tutorials will be able to view the workbook.
  5. Data Download: Selecting this option will grant the viewer of the workbook permission to download the source data behind the visualization. Since this allows for a deeper level of access than simply viewing the workbook does, an additional justification is required.
  6. Rationale: Describe the business rationale for the access level you're requesting. For example, in most cases, the rationale is either that access is needed to perform job functions or access is needed for a special project. Use the "Description" box to enter the justification for your request or to communicate special instructions.
  7. Summary: Review all of your previous selections. If any are incorrect, click Edit to return to the appropriate step of the wizard and make corrections. When all entries look correct, submit your request.
    • If the workbook contains enterprise data, the request will route to the appropriate DM(s) for approval; the "Routing" section will indicate which DM(s) will review your request.
    • If you set the data classification to Public data and the permission is Anyone with the URL (Public), the request will route to Student Records DMs for approval; the "Routing" section will indicate the DM(s) that will review your request.
    • If the workbook does not contain enterprise data and the data classification is not set to Public data, the requested security will immediately be applied.

Below are general tips to help you use the setup wizard.

  • Do not use your web browser's built-in forward and back buttons. Doing so will take you out of the wizard completely, rather than navigating through the wizard itself.
  • At any time, you can click Cancel to leave the wizard. However, if you do this, none of the information you've entered will be saved.
  • When you complete a step of the wizard, click Next to advance to the next step.
  • Once you've proceeded past the first step, you will also have a Back navigation button. If you use this button to go back to a previous step, the information you've already entered will be retained. However, if you change your selections in an earlier step, this might change your available options in a later step, thus eliminating the details originally captured in the later step.
  • Track your progress in the wizard using the navigation bar at the left side of the screen.
  • On the summary step, if you click an Edit button to return to a particular step of the wizard, you'll need to click through all the remaining steps to reach the summary step again.

Review security requests

To review your security requests, go to the list of Tableau workbooks for which you have publishing permissions, and click View next to the appropriate workbook.

Note:
You will only see the View button if the workbook has one or more pending or approved security requests.

Pending security requests

Pending security requests are denoted by gold alerts below the name of the workbook. In each alert, you'll see the name of the requester and the date the request was made.

Approved security requests

Approved security requests are displayed in a table under the name of the workbook. You'll see the name of the permission, any compliances that are enforced, and whether the permission grants view access only or also allows viewers to download data. There will also be a drop-down list that may include options to view the permission group in ACM, delete the permission, reapply the permission to the workbook, and view the publishing request.

Reapply security to a workbook

Sometimes when republishing a Tableau workbook, security will be lost from the workbook in Tableau, but still be displayed in Data Delivery Apply Security.

To reapply the security to a Tableau workbook:

  • Next to the appropriate workbook name, click View.
  • In the list of permissions, find the one you wish to reapply.
  • On the right side of the row corresponding to the permission to be reapplied, click the down arrow to open the drop-down list, and then select Reapply to workbook.
  • Confirm that the security was reapplied.

Remove security

To remove security from a Tableau workbook:

  1. Next to the appropriate workbook name, click View.
  2. In the list of permissions, find the one you wish to remove.
  3. On the right side of the row corresponding to the permission to be removed, click the down arrow to open the drop-down list, and then select Delete.
  4. Confirm the deletion.
Note:
You can only remove security groups one at a time, even if you originally added multiple security groups to a workbook in a single request.
Note:
To avoid issues, remove the security assignments from Apply Security before deleting workbooks in Tableau.

Publish a report to DS.IU

For instructions for publishing a report to DS.IU, see Publish Tableau reports in DS.IU.

Related documents

Use Data Delivery Apply Security to assign security to Denodo views Create, edit, or delete Access Control Management (ACM) groups Look up Data Managers for IUIE and Data Delivery Apply Security

This is document bbbj in the Knowledge Base.
Last modified on 2024-03-20 12:28:34.