How Permissions Work


Tableau Cloud and Tableau Server provide a space for accessing and managing published content. Beginning with version 2019.3, using the Tableau Metadata API, you have the ability to track and manage metadata and lineage of external assets used by the content published to your Tableau Cloud site or Tableau Server.

In addition, when your Tableau Cloud site or Tableau Server is licensed with Data Management, you have access to features like data quality warnings, which are enabled by Tableau Catalog.

In this section

Tableau Catalog indexes content, assets, and metadata

Metadata API contains indexed content, assets, and metadata from the content that has been published to your Tableau Cloud site or Tableau Server. You can query the Metadata API for all content and assets that it indexes.

The Metadata API exposes metadata for the following:

Metadata includes the following:

Permissions on assets and their metadata

Permissions control who is allowed to see and manage the data that is accessible from the Metadata API, for example who can see and manage external assets or who can see relationships shown through lineage queries.

Access metadata about content and assets

The permissions used to access metadata through the Metadata API work similarly to permissions for accessing content through Tableau Cloud or Tableau Server, with some additional considerations for external assets.

The Metadata API uses the same View capability that Tableau Server uses to control the information you can see, with one fundamental difference. In general, when you don’t have View capabilities to access information, Tableau Server omits (also called filters) that information from your results. However, when you don’t have View capabilities to access information, the Metadata API by default hides (also called obfuscates) that information from your results.

If you would rather omit any detail about the related assets that you do not have View capability to access, you can specify the “filter” mode in a query. If you specify the filter permissions mode, only the results whose attributes of external assets you have permissions to see are returned.

For an example, see Filter mode section of the Example Queries topic.

For more information, see one of the following topics:

For more general information on View capabilities, see one of the following topics:

Permissions on external assets using derived permissions

You are automatically granted View capability to external assets when the derived permissions site setting has been turned on for a site. This site setting is enabled by default if Tableau Cloud or Tableau Server is licensed with Data Management. Without Data Management, the site setting must be enabled manually for Tableau Server by the Tableau Server admin.

In addition, if your site is licensed with Data Management, it’s possible to explicitly grant permissions for external assets.

For more information and details around permissions, see one of the following topics:

Note: If you are the owner of a flow, derived permissions enable Overwrite and Set Permissions capabilities as well. You can edit and manage permissions for the database and table metadata used by the flow output. For these flow scenarios, the capabilities apply only after there has been at least one successful flow run under you as the current owner of the flow.