Wednesday, 8 July 2015

Tableau Server Security and Authentication

There are 4 main components to enterprise application security:

1.Authentication – Access Security
 Active Directory
supports the ability to automatically login users based on their   current windows credentials (the credentials they used to login to   the machine they are using).
Local Authentication
When using Local Authentication, the Tableau Server is   responsible for managing users, groups, passwords and the entire   authentication process.
Trusted Authentication
This method is far easier to implement than the complex and   fragile Single Sign On (SSO) integrations. Trusted authentication   simply means that you have set up a trusted relationship between   Tableau Server and one or more web servers.
Guest User or Anonymous (un-authenticated)
Note: This option is only available with a core-based server license.

 Tableau Server can be set up to allow anonymous access to views   via a guest account. 

2.Permissions – Object Security
Permissions wrtprojects
Projects control the default permissions for all workbooks and views published to the project. The default permissions for any content object can be overridden by users with appropriate permissions. For example, Publishers have the ability to fully control the content they publish.
Permission wrtpublished content
Published content includes Data sources, Workbooks and Views. Permissions include the typical content management actions such as view, create, modify and delete, but also what interactions a user can have inside of a view.
Multi-Tenant Deployments
Many Tableau customers use Groups and Projects to support multiple external parties (tenants) on a single Tableau Server. Tableau Server’s security is robust enough to meet the demands for deployments in Finance, Health-care and other situations where one client cannot see another client’s data under any circumstances. 

Permission and Administrators
There are two types of administrators: Site Administrators and System Administrators. Site Administrators can manage users, groups, projects, workbooks and data connections. Optionally, Site Administrators can add users to the site for delegated administration scenarios. System Administrators have all the rights of a content administrator but they can also administer the server itself including sites, maintenance, settings, schedules, and the search index.
Administrator rights can only be assigned to users with the Interactorlicense level. The Publish right is automatically granted to all Administrators. Administrators have the right to create additional Administrators of the same level. 

3.Data – Data Security
Database Authentication
If the data is extracted using Tableau’s fast Data Engine, then no options for database authentication will be available for end users. When automatically refreshing or incrementing extracts, a single set of credentials will 

Authentication Options
  1. Windows Authentication
  2. User Name and Password
  3. Embedded Authentication ( Not for use with Windows)
  4. Impersonation
  5. Query Banding
  6. Data Security User Filters
  7. Repository Security
  8. Extract Security (Encrypted Data Credentials)

4.Network – Transmission Security
  1. Client to Tableau Server (SSL and SAML)
  2. Communication between Tableau Server and Database
  3. Communication Between Tableau Server Components
  4. Encryption  

No comments:

Post a Comment