Permissions Methods

Using the permissions methods of the Tableau Server REST API you can:

  • List, add, and delete granular default permissions that apply to new content created in a project
  • List, add, and delete granular permissions for existing projects, workbooks, views, flows, metrics, and data sources

This functionality relates to the UI elements and concepts described at: Permissions Reference(Link opens in a new window).

Add Data Source Permissions

Adds permissions to the specified data source for a Tableau Server user or group. You can specify multiple sets of permissions using one call.

If a specified permission has already been granted or denied for a given user or group, the system ignores it.

If the request body includes a child workbook or <project> element, the request is invalid.

URI

PUT /api/api-version/sites/site-id/datasources/datasource-id/permissions

Parameter Values

api-version The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions.
site-id The ID of the site that contains the data source.
datasource-id The ID of the data source to set permissions for.

Request Body

<tsRequest>
  <permissions>
    <datasource id="datasource-id" />
    <granteeCapabilities>
      <user id="user-id" />
      <capabilities>
        <capability name="capability-name" mode="capability-mode" />
        ... additional capabilities ...
      </capabilities>
    </granteeCapabilities>
    <granteeCapabilities>
      <group id="group-id" />
      <capabilities>
        <capability name="capability-name" mode="capability-mode" />
        ... additional capabilities ...
      </capabilities>
    </granteeCapabilities>
    ... additional grantee capability sets ...
  </permissions>
</tsRequest>
        

Attribute Values

datasource-id The <datasource> element is not required, but can be included for compatibility with earlier versions of the REST API. If the <datasource> element is included, the datasource-id value must match the data source ID in the URI. Any other attributes in the <datasource> element are ignored.
user-id The ID (not name) of the user to add permissions for.
group-id The ID (not name) of the group to add permissions for.
capability-name The capability to assign. For valid capabilities for a data source project are ChangePermissions, Connect, Delete, ExportXml, Read (view), and Write.

For more information, see Permissions.

capability-mode Allow to allow the capability, or Deny to deny it. This value is case sensitive.

Permissions

Tableau Server users who are not server administrators or site administrators can add permissions only to a data source for which they have ChangePermissions permission (either explicitly or implicitly).

Response Code

200

Response Body

<tsResponse version-and-namespace-settings>
  <permissions>
    <datasource id="datasource-id" />
    <granteeCapabilities>
      <user id="user-id" />
      <capabilities>
        <capability name="capability" mode="Allow-or-Deny" />
        <capability name="capability" mode="Allow-or-Deny" />
        ... additional capabilities ...
      </capabilities>
    </granteeCapabilities>
    <granteeCapabilities>
      <group id="group-id" />
      <capabilities>
        <capability name="capability" mode="Allow-or-Deny" />
        <capability name="capability" mode="Allow-or-Deny" />
        ... additional capabilities ...
      </capabilities>
    </granteeCapabilities>
    ... additional grantee capability sets ...
  </permissions>
</tsResponse>
        

Version

Version 2.0 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
400 400000 Bad request The content of the request body is missing or incomplete, or contains malformed XML.
400 400009 Invalid capability The specified capability is invalid for a data source. Valid capabilities for a data source are ChangePermissions, Connect, Delete, ExportXml, Read, and Write.
403 403004 No permissions to set permissions. A user attempted to add permissions to a data source, but the caller doesn't have permission to set permissions on the data source.
404 404000 Site not found The specified site doesn't correspond to an existing site.
404 404002 User not found The user specified in the request body doesn't correspond to an existing user.
404 404004 Data source not found The specified data source doesn't correspond to an existing data source.
404 404012 Group not found The group specified in the request body doesn't correspond to an existing group.
404 404013 Capability not found A capability specified in the request body doesn't correspond to a defined capability. This can apply to either an invalid capability name or to a capability other than Allow or Deny for any mode value.
405 405000 Invalid request method Request type was not PUT.

For more information, see Handling Errors.

Add Default Permissions

Adds default permission capabilities granted to a user or group, for metric, flow, workbook, or data source resources in a project. After adding default permissions, resources of the type you specify that are added to a project will have those capabilities granted for a group or user. If permissions are locked to the project(Link opens in a new window), then the same is true for all existing child content of the project. For more information, see Permissions(Link opens in a new window).

Content owners can override default permissions for their content, but only if project permissions have not been locked. Project permissions can be locked for a new project when you call Create Project or for an existing project by calling Update Project. For more information, see Lock Content Permissions to the Project(Link opens in a new window).

URI

PUT /api/api-version/sites/site-id/projects/project-id/default-permissions/workbooks

PUT /api/api-version/sites/site-id/projects/project-id/default-permissions/datasources

PUT /api/api-version/sites/site-id/projects/project-id/default-permissions/flows

PUT /api/api-version/sites/site-id/projects/project-id/default-permissions/metrics

Parameter Values

api-version The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions.
site-id The ID of the site that contains the project.
project-id The ID of the project to set default permissions for.

Request Body

<tsRequest>
  <permissions>
	<granteeCapabilities>
	  <user id="user-id" />
      <capabilities>
	    <capability name="capability-name" mode="capability-mode" />
	    < !-- ... additional capabilities ... -->
	  </capabilities>
	</granteeCapabilities>
	<granteeCapabilities>
      <group id="group-id" />
	  <capabilities>
		<capability name="capability-name" mode="capability-mode" />
		< !-- ...  additional capabilities ... -->
	  </capabilities>
	</granteeCapabilities>
    < !-- ... additional grantee capability sets ...  -->
  </permissions>
</tsRequest>
        

Attribute Values

user-id The ID (not name) of the user to add default permissions for.
group-id The ID (not name) of the group to add permissions for.
capability-name The capability to assign. Valid capabilities for a workbook are

AddComment, ChangeHierarchy, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read (view), ShareView, ViewComments, ViewUnderlyingData, WebAuthoring, and Write.

Valid capabilities for a data source are ChangePermissions, Connect, Delete, ExportXml, Read (view), and Write.

For more information, see Permissions.

capability-mode Allow to allow the capability, or Deny to deny it. This value is case sensitive.

Permissions

Tableau Server users who are not server administrators can add permissions defaults for a project only if they have the ProjectLeader permission for that project (either explicitly or implicitly).

Response Code

200

Response Body

<tsResponse xmlns="http://tableau.com/api" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://tableau.com/api http://tableau.com/api/ts-api-3.5.xsd">
  <permissions>
	<database id="e8d4aa9f-3d1a-4b49-8d6d-27f113cbd25e" name="oracle.test.tsi.lan:1521"/>
	<granteeCapabilities>
	  <user id="6265b714-7533-465d-b6db-6d0be92bfd07"/>
	  <capabilities>
		<capability name="Read" mode="Allow"/>
		</capabilities>
	</granteeCapabilities>
  </permissions>
</tsResponse>
        

Version

Version 2.1 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
400 400000 Bad request The content of the request body is missing or incomplete, or contains malformed XML.
400 400009 Invalid capability The capability in the URI is invalid for a data source.

Valid capabilities for a workbook are AddComment, ChangeHierarchy, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read (view), ShareView, ViewComments, ViewUnderlyingData, WebAuthoring, and Write.

Valid capabilities for a data source are ChangePermissions, Connect, Delete, ExportXml, Read (view), and Write.

400 400042 Malformed permissions qualifier The request body includes a <workbook> or <datasource> element.
403 403004 Permissions setting forbidden A non-administrator user called this method but doesn't have permission to add permissions on the project.
404 404000 Site not found The site ID in the URI doesn't correspond to an existing site.
404 404002 User not found A user ID in the request body as the grantee doesn't correspond to an existing user.
404 404005 Project not found The project ID in the URI doesn't correspond to an existing project.
404 404009 Project ID mismatch A project ID specified in the URI does not match the project ID specified in the request body. (You do not have to specify a project ID in the request body.)
404 404012 Group not found A group ID in the request body doesn't correspond to an existing group.
404 404013 Capability not found The capability in the request body doesn't correspond to a defined capability. This can apply to either an invalid capability name or to a capability other than Allow or Deny for any mode value.
405 405000 Invalid request method Request type was not PUT.

For more information, see Handling Errors.

Add Project Permissions

Adds permissions to the specified project for a Tableau Server user or group. You can specify multiple sets of permissions using one call.

If the request body includes a child datasource or <project> element, the request is invalid.

URI

PUT /api/api-version/sites/site-id/projects/project-id/permissions

Parameter Values

api-version The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions.
site-id The ID of the site that contains the project.
project-id The ID of the project to set permissions for.

Request Body

<tsRequest>
  <permissions>
    <granteeCapabilities>
      <user id="user-id" />
      <capabilities>
        <capability name="capability-name" mode="capability-mode" />
        ... additional capabilities ...
      </capabilities>
    </granteeCapabilities>
    <granteeCapabilities>
      <group id="group-id" />
      <capabilities>
        <capability name="capability-name" mode="capability-mode" />
        ... additional capabilities ...
      </capabilities>
    </granteeCapabilities>
    ... additional grantee capability sets ...
  </permissions>
</tsRequest>
        

Attribute Values

user-id The ID (not name) of the user to add permissions for.
group-id The ID (not name) of the group to add permissions for.
capability-name The capability to assign permissions to. In Tableau Server 10.0, the valid capabilities for a project are ProjectLeader, Read (view), and Write.

For more information, see Permissions.

capability-mode Allow to allow the capability, or Deny to deny it. This value is case sensitive.

Permissions

Tableau Server users who are not server administrators or site administrators can add permissions for a project only if they have ChangePermissions (version 2.0) or ProjectLeader (version 2.1) permission for that project (either explicitly or implicitly).

Response Code

200

Response Body

<tsResponse>
  <permissions>
    <project id="project-id" name="project-name" />
      <owner id="project-owner-id" />
    </project>
    <granteeCapabilities>
      <user id="user-id" />
      <capabilities>
        <capability name="capability" mode="Allow-or-Deny" />
        <capability name="capability" mode="Allow-or-Deny" />
        ... additional capabilities ...
      </capabilities>
    </granteeCapabilities>
    <granteeCapabilities>
      <group id="group-id" />
      <capabilities>
        <capability name="capability" mode="Allow-or-Deny" />
        <capability name="capability" mode="Allow-or-Deny" />
        ... additional capabilities ...
      </capabilities>
    </granteeCapabilities>
    ... additional grantee capability sets ...
  </permissions>
</tsResponse>
        

Version

Version 2.0 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
400 400000 Bad request The content of the request body is missing or incomplete, or contains malformed XML.
400 400009 Invalid capability

The capability specified in the request is not in the list of valid capability names for this method.

The mode of the capability for ProjectLeader cannot be set to Deny.

403 403004 Permissions setting forbidden A non-administrator user called this method but doesn't have permission to add permissions on the project.
404 404000 Site not found The site ID in the URI doesn't correspond to an existing site.
404 404002 User not found A user ID in the request body as the grantee doesn't correspond to an existing user.
404 404005 Project not found The project ID in the URI doesn't correspond to an existing project.
404 404009 Project ID mismatch A project ID specified in the URI does not match the project ID specified in the request body. (You do not have to specify a project ID in the request body.)
404 404012 Group not found A group ID in the request body doesn't correspond to an existing group.
404 404013 Capability not found The capability in the request body doesn't correspond to a defined capability. This can apply to either an invalid capability name or to a capability other than Allow or Deny for any mode value.
405 405000 Invalid request method Request type was not PUT.

For more information, see Handling Errors.

Add View Permissions

Adds permissions to the specified view (also known as a sheet) for a Tableau Server user or group. You can specify multiple sets of permissions using one call.

URI

PUT /api/api-version/sites/site-id/views/view-id/permissions

Parameter Values

api-version The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions.
site-id The ID of the site that contains the workbook view.
view-id The ID of the view to set permissions for. You can obtain this ID by calling Query Views for Site.

Request Body

<tsRequest>
  <permissions>
    <view id="view-id" />
	<granteeCapabilities>
	  <user id="user-id" />
      <capabilities>
        <capability name="capability-name" mode="capability-mode" />
        ... additional capabilities ...
      </capabilities>
    </granteeCapabilities>
    <granteeCapabilities>
      <group id="group-id" />
      <capabilities>
        <capability name="capability-name" mode="capability-mode" />
        ... additional capabilities ...
      </capabilities>
    </granteeCapabilities>
    ... additional grantee capability sets ...
  </permissions>
</tsRequest>
        

Attribute Values

view-id The view-id value must match the view ID in the URI.
user-id The ID (not name) of the user to add permissions for.
group-id The ID (not name) of the group to add permissions for.
capability-name The capability to assign. If any capability has already been granted or denied for a specified user or group, that capability is ignored. For valid capabilities for a view are AddComment, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read (view), ShareView, ViewComments, ViewUnderlyingData, WebAuthoring, and Write.

For more information, see Permissions.

capability-mode Allow to allow the capability, or Deny to deny it. This value is case sensitive.

Permissions

This method can only be called by server and site administrators, and user who have permission to set permissions on the workbook (either explicitly or implicitly). To use this method, the parent workbook that contains the specified view must have its showTabs attribute set to Hide. You can configure this setting by using the Update Workbook method.

Response Code

200

Response Body

<tsResponse>
  <permissions>
    <view id="view-id" />
      <owner id="owner-id"/>
    </view>
    <granteeCapabilities>
      <user id="user-id" />
      <capabilities>
        <capability name="capability-name" mode="capability-mode" />
        <capability name="capability-name" mode="capability-mode" />
      </capabilities>
    </granteeCapabilities>
    <granteeCapabilities>
      <user id="user-id" />
      <capabilities>
        <capability name="capability-name" mode="capability-mode" />
        <capability name="capability-name" mode="capability-mode" />
      </capabilities>
    </granteeCapabilities>
    <granteeCapabilities>
      <group id="group-id" />
      <capabilities>
        <capability name="capability-name" mode="capability-mode" />
          </capabilities>
          </granteeCapabilities>
  </permissions>
</tsResponse>
        

The createdAt and updatedAt values are dates and times in UTC format (YYYY-MM-DDTHH:MM:SSZ).

Version

Version 3.2 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
400 400000 Bad request The content of the request body is missing or incomplete, or contains malformed XML.
400 400009 Invalid capability The capability in the URI is invalid for a view.
403 403004 Permissions setting forbidden A non-administrator user called this method but doesn't have permission to set permissions on the view.
404 404000 Site not found The site ID in the URI doesn't correspond to an existing site.
404 404011 View not found The view ID in the URI doesn't correspond to an existing view.
404 404012 Group not found A group ID in the request body doesn't correspond to an existing group.
404 404013 Capability not found The specified capability doesn't correspond to a defined capability. This can apply to either an invalid capability name or an invalid capability value (other than Allow or Deny).
405 405000 Invalid request method Request type was not PUT.

For more information, see Handling Errors.

Example

curl "http://MY-SERVER/api/3.12/sites/13020592-762f-4de4-a25e-f4beb005836e/views/e5a4b73e-5cbb-412d-907e-f31cc31684f7" -X GET -H "X-Tableau-Auth:12ab34cd56ef78ab90cd12ef34ab56cd" -d @add-view-permissions.xml

Example of add-view-permissions.xml:

<tsRequest>
  <permissions>
    <view id="34acb0d7-fa37-43d7-bdde-d6635eb724b5" />
    <granteeCapabilities>
      <user id="8eda27d9-5ad2-42cd-a39a-61bc01a423af" />
      <capabilities>
        <capability name="ExportImage" mode="Allow" />
        <capability name="ChangePermissions" mode="Deny" />
      </capabilities>
    </granteeCapabilities>
  </permissions>
</tsRequest>

Example response:

<tsResponse>
  <permissions>
    <view id="34acb0d7-fa37-43d7-bdde-d6635eb724b5" name="What If Forecast">
      <owner id="8eda27d9-5ad2-42cd-a39a-61bc01a423af"/>
    </view>
    <granteeCapabilities>
      <group id="2aa47cfa-9f2b-11e8-a260-af4a26124661"/>
      <capabilities>
        <capability name="ShareView" mode="Allow"/>
        <capability name="ViewComments" mode="Allow"/>
        <capability name="Filter" mode="Allow"/>
        <capability name="ExportData" mode="Allow"/>
        <capability name="Read" mode="Allow"/>
        <capability name="AddComment" mode="Allow"/>
        <capability name="ViewUnderlyingData" mode="Allow"/>
        <capability name="ExportImage" mode="Allow"/>
      </capabilities>
    </granteeCapabilities>
    <granteeCapabilities>
      <user id="8eda27d9-5ad2-42cd-a39a-61bc01a423af"/>
      <capabilities>
        <capability name="ExportImage" mode="Allow"/>
        <capability name="ChangePermissions" mode="Deny"/>
      </capabilities>
    </granteeCapabilities>
  </permissions>
</tsResponse>

Add Workbook Permissions

Adds permissions to the specified workbook for a Tableau Server user or group. You can specify multiple sets of permissions using one call.

URI

PUT /api/api-version/sites/site-id/workbooks/workbook-id/permissions

Parameter Values

api-version The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions.
site-id The ID of the site that contains the workbook.
workbook-id The ID of the workbook to set permissions for.

Request Body

<tsRequest>
  <permissions>
    <workbook id="workbook-id" />
    <granteeCapabilities>
      <user id="user-id" />
      <capabilities>
        <capability name="capability-name" mode="capability-mode" />
        ... additional capabilities ...
      </capabilities>
    </granteeCapabilities>
    <granteeCapabilities>
      <group id="group-id" />
      <capabilities>
        <capability name="capability-name" mode="capability-mode" />
        ... additional capabilities ...
      </capabilities>
    </granteeCapabilities>
    ... additional grantee capability sets ...
  </permissions>
</tsRequest>
        

Attribute Values

workbook-id The <workbook> element is not required, but can be included for compatibility with earlier versions of the REST API. If the <workbook> element is included, the workbook-id value must match the workbook ID in the URI. Any other attributes in the <workbook> element are ignored.
user-id The ID (not name) of the user to add permissions for.
group-id The ID (not name) of the group to add permissions for.
capability-name

The capability to assign. If any capability has already been granted or denied for a specified user or group, that capability is ignored. Valid capabilities for a workbook are AddComment, ChangeHierarchy, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read (view), ShareView, ViewComments, ViewUnderlyingData, WebAuthoring, and Write.

For more information, see Permissions.

capability-mode Allow to allow the capability, or Deny to deny it. This value is case sensitive.

Permissions

Tableau Server users who are not server administrators or site administrators can call this method only if the have permission to set permissions on the workbook (either explicitly or implicitly).

Response Code

200

Response Body

<tsResponse>
  <permissions>
    <workbook id="workbook-id" />
    <granteeCapabilities>
      <user id="user-id" />
      <capabilities>
        <capability name="capability" mode="Allow-or-Deny" />
        <capability name="capability" mode="Allow-or-Deny" />
        ... additional capabilities ...
      </capabilities>
    </granteeCapabilities>
    <granteeCapabilities>
      <group id="group-id" />
      <capabilities>
        <capability name="capability" mode="Allow-or-Deny" />
        <capability name="capability" mode="Allow-or-Deny" />
        ... additional capabilities ...
      </capabilities>
    </granteeCapabilities>
    ... additional grantee capability sets ...
  </permissions>
</tsResponse>
        

Version

Version 2.0 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
400 400000 Bad request The content of the request body is missing or incomplete, or contains malformed XML.
400 400009 Invalid capability The capability in the URI is invalid for a workbook resource. Valid capabilities for a workbook are AddComment, ChangeHierarchy, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read (view), ShareView, ViewComments, ViewUnderlyingData, WebAuthoring, and Write.
403 403004 Permissions setting forbidden A non-administrator user called this method but doesn't have permission to set permissions on the workbook.
404 404000 Site not found The site ID in the URI doesn't correspond to an existing site.
404 404002 User not found A user ID in the request body doesn't correspond to an existing user.
404 404006 Workbook not found The workbook ID in the URI doesn't correspond to an existing workbook.
404 404012 Group not found A group ID in the request body doesn't correspond to an existing group.
404 404013 Capability not found The specified capability doesn't correspond to a defined capability. This can apply to either an invalid capability name or a capability other than Allow or Deny for any mode value.
405 405000 Invalid request method Request type was not PUT.

For more information, see Handling Errors.

Add Workbook to Schedule

Adds a task to refresh or accelerate a workbook to an existing schedule. This method is not available for Tableau Online.

The task type must match the schedule type. For a list of schedule types, see Create a Schedule.

URI

PUT /api/api-version/sites/site-id/schedules/schedule-id/workbooks

Parameter Values

api-version The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions.
site-id The ID of the site that contains the view.
schedule-id The ID of the schedule that you are associating with the workbook.

Request Body

<tsRequest>
  <task>
    <extractRefresh>
      <workbook id="workbook-id" />
    </extractRefresh>
  </task>
  <task>
    <dataAcceleration>
      <workbook id="workbook-id" />
    </dataAcceleration>
  </task>
</tsRequest>
        

Attribute Values

workbook-id The ID of the workbook to add to the schedule.

Permissions

Only Tableau Server users who are server administrators or site administrators can add a workbook to a data acceleration schedule. Tableau Server users who are not server administrators or site administrators can only add a workbook to other types of schedules if they own the workbook, or are the project leader for the project that contains the workbook.

Response Code

200

Response Body

<tsResponse>
  <task id="task-id" type="task-type">
    <schedule id="schedule-id"/>
  </task>
</tsResponse>
        

Version

Version 2.8 and later for extract refresh and version 3.8 and later for data acceleration. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
400 400000 Bad Request The content of the request body is missing or incomplete, or contains malformed XML.
401 401002 Unauthorized Access The authentication token provided in the request header was invalid or has expired.
403 403032 Update Forbidden A non-administrator user called this method, but the caller doesn't have sufficient permissions.
404 404000 Site not found The site ID in the URI is unknown.
404 404006 Resource not found The workbook ID in the request body is unknown.
405 405000 Invalid request method Request type was not PUT.
500 500000 Internal Server Error The schedule ID in the URI is unknown.

For more information, see Handling Errors.

Example

curl "http://MY-SERVER/api/3.12/sites/ 1edc53ac-e247-4870-9fd3-6fad0ce5f84d/schedules/9a4ebbab-9ec8-487a-9b48-47fa81d6077a/workbooks" -X PUT -H "X-Tableau-Auth:12ab34cd56ef78ab90cd12ef34ab56cd" –d @add-to-schedule.xml"

Content of add-to-schedule.xml:

<tsRequest>
  <task>
    <extractRefresh>
      <workbook id="5de9cc53-b17d-45af-804d-49144b39f29f" />
    </extractRefresh>
  </task>
</tsRequest>

Example response:

<tsResponse>
  <task>
    <extractRefresh id="9bf8aea0-e3ca-422e-b7ef-d9c4ba6cca45" priority="50" consecutiveFailedCount="0" type="RefreshExtractTask">
      <schedule id="9a4ebbab-9ec8-487a-9b48-47fa81d6077a" name="Weekday early mornings" state="Active" />
      <workbook id="5de9cc53-b17d-45af-804d-49144b39f29f" />
    </extractRefresh>
  </task>
</tsResponse>

Delete Data Source Permission

Removes the specified data source permission for the specified group or user.

URI

DELETE /api/api-version/sites/site-id/datasources/datasource-id/permissions/groups/group-id/capability-name/capability-mode

DELETE /api/api-version/sites/site-id/datasources/datasource-id/permissions/users/user-id/capability-name/capability-mode

Parameter Values

api-version The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions.
site-id The ID of the site that contains the data source.
datasource-id The ID of the data source to remove the permission for.
group-id The ID of the group to remove the permission for.
user-id The ID of the user to remove the permission for.
capability-name

The capability to remove the permission for. Valid capabilities for a data source are ChangePermissions, Connect, Delete, ExportXml, Read (view), and Write.

For more information, see Permissions.

capability-mode Allow to remove the allow permission, or Deny to remove the deny permission. This value is case sensitive.

Request Body

None

Permissions

Tableau Server users who are not server administrators or site administrators can call this method only if they have permission to delete permissions from the data source (either explicitly or implicitly).

Response Code

204

Response Body

None

Version

Version 2.0 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
400 400009 Invalid capability The capability in the URI is invalid for a data source. Valid capabilities for a data source are ChangePermissions, Connect, Delete, ExportXml, Read, and Write.
403 403004 Permissions setting forbidden A non-administrator user called this method but doesn't have permission to set permissions on the data source.
404 404000 Site not found The site ID in the URI doesn't correspond to an existing site.
404 404002 User not found The user ID in the URI doesn't correspond to an existing user.
404 404004 Data source not found The data source ID in the URI doesn't correspond to an existing data source.
404 404012 Group not found The group ID in the URI doesn't correspond to an existing group.
404 404013 Capability not assigned The capability in the URI is not assigned to the specified user or group with the specified mode (Allow or Deny).
405 405000 Invalid request method Request type was not DELETE.

For more information, see Handling Errors.

Delete Default Permission

Removes default permission capabilities granted to a user or group, for metric, flow, workbook, or data source resources in a project. After deleting default permissions, resources of the type you specify that are added to a project will not have the those capabilities granted for a group or user. If permissions are locked to the project(Link opens in a new window), then the same is true for all existing child content of the project.

URI

DELETE /api/api-version/sites/site-id/projects/project-id/default-permissions/workbooks/groups/group-id/capability-name/capability-mode

DELETE /api/api-version/sites/site-id/projects/project-id/default-permissions/workbooks/users/user-id/capability-name/capability-mode

DELETE /api/api-version/sites/site-id/projects/project-id/default-permissions/datasources/groups/group-id/capability-name/capability-mode

DELETE /api/api-version/sites/site-id/projects/project-id/default-permissions/flows/groups/group-id/capability-name/capability-mode

DELETE /api/api-version/sites/site-id/projects/project-id/default-permissions/flows/users/user-id/capability-name/capability-mode

DELETE /api/api-version/sites/site-id/projects/project-id/default-permissions/metrics/groups/group-id/capability-name/capability-mode

DELETE /api/api-version/sites/site-id/projects/project-id/default-permissions/metrics/users/user-id/capability-name/capability-mode

Parameter Values

api-version The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions.
site-id The ID of the site that contains the project.
project-id The ID of the project to remove the default permission for.
group-id The ID of the group to remove the default permission for.
user-id The ID of the user to remove default permission for.
capability-name

The capability to remove the permissions for.

Valid capabilities for a workbook are AddComment, ChangeHierarchy, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read (view), ShareView, ViewComments, ViewUnderlyingData, WebAuthoring, and Write.

Valid capabilities for a data source are ChangePermissions, Connect, Delete, ExportXml, Read (view), and Write.

For more information, see Permissions.

capability-mode Allow to remove the allow permission, or Deny to remove the deny permission. This value is case sensitive.

Request Body

None

Permissions

Tableau Server users who are not server administrators can remove permissions for a project only if they have ProjectLeader permissions for that project (either explicitly or implicitly).

Response Code

204

Response Body

None

Version

Version 2.1 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
400 400009 Invalid capability The capability in the URI is invalid.

Valid capabilities for a workbook are AddComment, ChangeHierarchy, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read, ShareView, ViewComments, ViewUnderlyingData, WebAuthoring, and Write.

Valid capabilities for a data source are ChangePermissions, Connect, Delete, ExportXml, Read, and Write.

403 403004 Permissions setting forbidden A non-administrator user called this method but doesn't have permissions to remove permissions for the project.
403 403095 Delete permissions for flows forbidden A non-administrator user called this method but doesn't have permissions to remove permissions for the project where the flow is located.
404 404000 Site not found The site ID in the URI doesn't correspond to an existing site.
404 404002 User not found A user ID in the URI doesn't correspond to an existing user.
404 404005 Project not found The project ID in the URI doesn't correspond to an existing project.
404 404012 Group not found A group ID in the URI doesn't correspond to an existing group.
404 404013 Capability not assigned The capability in the URI isn't assigned to the specified user or group.
404 404013 Capability not found The capability in the URI doesn't correspond to a defined capability. This can apply to either an invalid capability name or a capability other than Allow or Deny for any mode value.
404 404027 Flow not found The flow ID in the URI doesn't correspond to an existing flow.
405 405000 Invalid request method Request type was not DELETE.

For more information, see Handling Errors.

Delete Project Permission

Removes the specified project permission for the specified group or user.

URI

DELETE /api/api-version/sites/site-id/projects/project-id/permissions/groups/group-id/capability-name/capability-mode

DELETE /api/api-version/sites/site-id/projects/project-id/permissions/users/user-id/capability-name/capability-mode

Parameter Values

api-version The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions.
site-id The ID of the site that contains the project.
project-id The ID of the project to remove the permission for.
group-id The ID of the group to remove the permission for.
user-id The ID of the user to remove project the permission for.
capability-name The capability to remove the permission for. In Tableau Server 10.0, valid capabilities for a project are ProjectLeader, Read (view), and Write.

For more information, see Permissions.

capability-mode Allow to remove the allow permission, or Deny to remove the deny permission. This value is case sensitive.

Request Body

None

Permissions

Tableau Server users who are not server administrators or site administrators can remove permissions for a project only if they have ChangePermissions (version 2.0) or ProjectLeader (version 2.1) permissions for that project (either explicitly or implicitly).

Response Code

204

Response Body

None

Version

Version 2.0 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
400 400009 Invalid capability The capability in the URI is invalid for a project. For a list of valid capabilities, see the capability-name attribute earlier.
403 403004 Permissions setting forbidden A non-administrator user called this method but doesn't have permissions to remove default permissions for the project.
403 403004 Delete forbidden A non-administrative user tried to update the project, but does not have permissions to the project.
404 404000 Site not found The site ID in the URI doesn't correspond to an existing site.
404 404002 User not found A user ID in the URI doesn't correspond to an existing user.
404 404005 Project not found The project ID in the URI doesn't correspond to an existing project.
404 404012 Group not found A group ID in the URI doesn't correspond to an existing group.
404 404013 Capability not assigned The capability in the URI isn't assigned to the specified user or group.
404 404013 Capability not found The capability in the URI doesn't correspond to a defined capability. This can apply to either an invalid capability name or a capability other than Allow or Deny for any mode value.
405 405000 Invalid request method Request type was not DELETE.

For more information, see Handling Errors.

Delete View Permission

Deletes permission to the specified view (also known as a sheet) for a Tableau Server user or group.

URI

DELETE /api/api-version/sites/site-id/views/view-id/permissions/groups/group-id/capability-name/capability-mode

DELETE /api/api-version/sites/site-id/views/view-id/permissions/users/user-id/capability-name/capability-mode

Parameter Values

api-version The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions.
site-id The ID of the site that contains the view.
view-id The ID of the view to delete permissions for. You can obtain this ID by calling Query Views for Site.
group-id The ID of the group to remove the permission for.
user-id The ID of the user to remove the permission for.
capability-name

The capability to remove the permission for.

The valid capabilities for a view are AddComment, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read (view), ShareView, ViewComments, ViewUnderlyingData, WebAuthoring, and Write.

For more information, see Permissions.

capability-mode Allow to remove the allow permission, or Deny to remove the deny permission.

Request Body

None

Permissions

Tableau Server users who are not server administrators or site administrators can delete permissions from a view only if they have ChangePermissions permissions on the view (either explicitly or implicitly).

Response Code

204

Response Body

None

Version

Version 3.2 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
400 400009 Invalid capability The capability in the URI is invalid for a view.
403 403004 Permissions setting forbidden A non-administrator user called this method but doesn't have permission to delete permissions on the view.
403 403039 Project permissions locked The parent project that contains the specified view has its permissions locked.
403 403096 Parent workbook tabs enabled The specified view currently has permissions inherited from its parent workbook. View permission can be deleted if the parent workbook has its tabs disabled.
404 404000 Site not found The site ID or URL namespace in the URI doesn't correspond to an existing site.
404 404002 User not found The user ID in the URI doesn’t correspond to an existing user.
404 404011 View not found The view ID in the URI doesn't correspond to an existing view.
404 404012 Group not found A group ID in the request body doesn't correspond to an existing group.
404 404013 Capability not found The specified capability doesn't correspond to a defined capability. This can apply to either an invalid capability name or an invalid capability value (other than Allow or Deny).
404 404014 Capability not assigned The capability in the URI is not assigned to the specified user or group with the specified mode (Allow or Deny).
405 405000 Invalid request method Request type was not DELETE.

For more information, see Handling Errors.

Example

curl "http://MY-SERVER/api/3.12/sites/fbfa6f03-982c-4930-8ec1-d5949a19125d/views/0524c7ce-250b-45b1-adf2-d08f1648643c/permissions/users/ff43cb47-f208-4d2f-9a22-0fbb6d29f7f1/AddComment/Allow" -X DELETE -H "X-Tableau-Auth:12ab34cd56ef78ab90cd12ef34ab56cd"

Delete Workbook Permission

Deletes the specified permission from the specified workbook for a group or user.

URI

DELETE /api/api-version/sites/site-id/workbooks/workbook-id/permissions/groups/group-id/capability-name/capability-mode

DELETE /api/api-version/sites/site-id/workbooks/workbook-id/permissions/users/user-id/capability-name/capability-mode

Parameter Values

api-version The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions.
site-id The ID of the site that contains the workbook.
workbook-id The ID of the workbook to remove the permission for.
group-id The ID of the group to remove the permission for.
user-id The ID of the user to remove the permission for.
capability-name

The capability to remove the permission for. Valid capabilities for a workbook are AddComment, ChangeHierarchy, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read (view), ShareView, ViewComments, ViewUnderlyingData, WebAuthoring, and Write.

For more information, see Permissions.

capability-mode Allow to remove the allow permission, or Deny to remove the deny permission. This value is case sensitive.

Request Body

None

Permissions

Tableau Server users who are not server administrators or site administrators can delete permissions from a workbook only if they have ChangePermissions permission for workbook (either explicitly or implicitly).

Response Code

204

Response Body

None

Version

Version 2.0 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
400 400009 Invalid capability The capability in the URI is invalid for a workbook resource. Valid capabilities for a workbook are AddComment, ChangeHierarchy, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read, Share_view, ViewComments, ViewUnderlyingData, WebAuthoring, and Write.
403 403004 Permissions setting forbidden A non-administrator user called this method but doesn't have permission to delete permissions from the workbook.
404 404000 Site not found The site ID in the URI doesn't correspond to an existing site.
404 404002 User not found The user ID in the URI doesn't correspond to an existing user.
404 404006 Workbook not found The workbook ID in the URI doesn't correspond to an existing workbook.
404 404012 Group not found The group ID in the URI doesn't correspond to an existing group.
404 404013 Capability not found The capability in the URI doesn't correspond to a defined capability. This can apply to either an invalid capability name or a capability other than Allow or Deny at the end of the URI.
404 404013 Capability not assigned The capability in the URI is not assigned to the specified user or group with the specified mode (Allow or Deny).
405 405000 Invalid request method Request type was not DELETE.

For more information, see Handling Errors.

Query Data Source Permissions

Returns a list of permissions for a specific data source.

URI

GET /api/api-version/sites/site-id/datasources/datasource-id/permissions

Parameter Values

api-version The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions.
site-id The ID of the site that contains the data source.
datasource-id The ID of the data source to get permissions for.

Request Body

None

Permissions

Tableau Server users who are not server administrators or site administrators can view a data source only if they have Read (view) permission for the data source (either explicitly or implicitly).

Response Code

200

Response Body

<tsResponse>
  <permissions>
   <parent type="Project" id="project-id"
   <datasource id="datasource-id"
     owner="owner-user-id" />
   <granteeCapabilities>
     <user id="user-id" />
     <capabilities>
       <capability name="capability-name" mode="capability-mode" />
       ... additional capabilities ...
      </capabilities>
    </granteeCapabilities>
    <granteeCapabilities>
      <group id="group-id" />
      <capabilities>
        <capability name="capability" mode="capability-mode" />
        ... additional capabilities ...
       </capabilities>
     </granteeCapabilities>
     ... additional grantee capability sets ...
  </permissions>
</tsResponse>
        

Note: The parent element is included in the response only if the workbook's permissions are determined by project-level default permissions and project permissions are locked. Project permissions can be locked for a new project when you call Create Project or for an existing project by calling Update Project. For more information, see Lock Content Permissions to the Project(Link opens in a new window).

Version

Version 2.0 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
404 404000 Site not found The site ID in the URI doesn't correspond to an existing site.
404 404004 Data source not found The data source ID in the URI doesn't correspond to an existing data source.
405 405000 Invalid request method Request type was not GET.

For more information, see Handling Errors.

Example

curl "http://MY-SERVER/api/3.12/sites/9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d/datasources/1a2a3b4b-5c6c-7d8d-9e0e-1f2f3a4a5b6b/permissions" -X GET -H "X-Tableau-Auth:12ab34cd56ef78ab90cd12ef34ab56cd"

Example response:

<tsResponse version-and-namespace-settings>
  <parent type="Project" id="1f2f3e4e-5d6d-7c8c-9b0b-1a2a3f4f5e6e" />
  <permissions>
    <datasource id="1a2a3b4b-5c6c-7d8d-9e0e-1f2f3a4a5b6b" name="USPS-rates">
      <owner id="9f9e9d9c-8b8a-8f8e-7d7c-7b7a6f6d6e6d"/>
    </datasource>
    <granteeCapabilities>
      <group id="1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d" />
      <capabilities>
        <capability name="Connect" mode="Allow"/>
        <capability name="Read" mode="Allow"/>
      </capabilities>
    </granteeCapabilities>
  </permissions>
</tsResponse>

Query Default Permissions

Returns details of default permission capabilities granted to users and groups for metric, flow, workbook and data source resources in a project.

URI

GET /api/api-version/sites/site-id/projects/project-id/default-permissions/datasources

GET /api/api-version/sites/site-id/projects/project-id/default-permissions/workbooks

GET /api/api-version/sites/site-id/projects/project-id/default-permissions/flows

GET /api/api-version/sites/site-id/projects/project-id/default-permissions/metrics

Parameter Values

api-version The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions.
site-id The ID of the site that contains the project.
project-id The project to get default permissions for.

Request Body

None

Permissions

Tableau Server users who are not server administrators can query default permissions for a project only if they have the ProjectLeader permission for that project (either explicitly or implicitly).

Response Code

200

Response Body

<tsResponse>
  <permissions>
	<project id="project-id" name="project-name" />
	<granteeCapabilities>
      <user id="user-id" />
	  <capabilities>
	    <capability name="capability" mode="capability-mode" />
	    <capability name="capability" mode="capability-mode" />
	    <... additional capabilities ...>
	  </capabilities>
	</granteeCapabilities>
	<... additional grantee capabilities ...>
  </permissions>
</tsResponse>
        

Version

Version 2.1 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
403 403035 Querying data source permissions forbidden The caller doesn't have permissions to query the project's default permissions for data sources.
403 403036 Querying workbook permissions forbidden The caller doesn't have permissions to query the project's default permissions for workbooks.
403 403035 Querying flow permissions forbidden The caller doesn't have permissions to query the project's default permissions for flows.
404 404000 Site not found The site ID in the URI doesn't correspond to an existing site.
404 404005 Project not found The project ID in the URI doesn't correspond to an existing project.
405 405000 Invalid request method Request type was not GET.

For more information, see Handling Errors.

Query Project Permissions

Returns information about the set of permissions allowed or denied for groups and users in a project.

URI

GET /api/api-version/sites/site-id/projects/project-id/permissions

Parameter Values

api-version The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions.
site-id The ID of the site that contains the project.
project-id The project to get permissions for.

Request Body

None

Permissions

This method can only be called by server administrators and site administrators.

Response Code

200

Response Body

<tsResponse>
  <permissions>
    <project id="project-id" name="project-name" />
    <granteeCapabilities>
      <user id="user-id" />
      <capabilities>
        <capability name="capability" mode="capability-mode" />
        <capability name="capability" mode="capability-mode" />
        ... additional capabilities ...
      </capabilities>
    </granteeCapabilities>
    <granteeCapabilities>
      <group id="group-id" />
      <capabilities>
        <capability name="capability" mode="capability-mode" />
        ... additional capabilities ...
      </capabilities>
    </granteeCapabilities>
    ... additional grantee capabilities ...
  </permissions>
</tsResponse>
        

Version

Version 2.0 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
404 404000 Site not found The site ID in the URI doesn't correspond to an existing site.
404 404005 Project not found The project ID in the URI doesn't correspond to an existing project.
405 405000 Invalid request method Request type was not GET.

For more information, see Handling Errors.

Example

curl "http://MY-SERVER/api/3.12/sites/9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d/projects/1f2f3e4e-5d6d-7c8c-9b0b-1a2a3f4f5e6e/permissions" -X GET -H "X-Tableau-Auth:12ab34cd56ef78ab90cd12ef34ab56cd"

Example response:

<tsResponse version-and-namespace-settings>
  <permissions>
    <project id="1f2f3e4e-5d6d-7c8c-9b0b-1a2a3f4f5e6e" name="default">
      <owner id="9f9e9d9c-8b8a-8f8e-7d7c-7b7a6f6d6e6d"/>
    </project>
    <granteeCapabilities>
      <group id="1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d"/>
      <capabilities>
        <capability name="Read" mode="Allow"/>
        <capability name="Write" mode="Allow"/>
      </capabilities>
    </granteeCapabilities>
  </permissions>
</tsResponse>

Query View Permissions

Returns a list of permissions for the specific view.

URI

GET /api/api-version/sites/site-id/views/view-id/permissions

Parameter Values

api-version The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions.
site-id The ID of the site that contains the view.
view-id The ID of the view to get permissions for.

Request Body

None

Permissions

This method can only be called by server and site administrators, and users who have Read (view) permission for the specific view.

Response Code

200

Response Body

<tsResponse>
  <parent type="Project" id="project-id" />
  <permissions>
    <view id="view-id"/>
      <owner id="owner-id"/>
    </view>
    <granteeCapabilities>
      <user id="user-id"/>
      <capabilities>
        <capability name="capability-name" mode="capability-mode"/>
        <capability name="capability-name" mode="capability-mode"/>
        ... additional capabilities ...
      </capabilities>
    </granteeCapabilities>
    <granteeCapabilities>
      <user id="user-id"/>
      <capabilities>
        <capability name="capability-name" mode="capability-mode"/>
        <capability name="capability-name" mode="capability-mode"/>
        ... additional capabilities ...
      </capabilities>
    </granteeCapabilities>
    <granteeCapabilities>
      <group id="group-id"/>
      <capabilities>
        <capability name="capability-name" mode="capability-mode"/>
        ... additional capabilities ...
      </capabilities>
      </granteeCapabilities>
  </permissions>
</tsResponse>
          

Note: The parent element is included in the response only if the view's permissions are determined by project-level default permissions and project permissions are locked. Project permissions can be locked for a new project when you call Create Project or for an existing project by calling Update Project. For more information, see Lock Content Permissions to the Project(Link opens in a new window).

Version

Version 3.2 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
403 403004 Permissions setting forbidden A non-administrator user called this method but doesn't have permission to set permissions on the view.
404 404000 Site not found The site ID or URL namespace in the URI doesn't correspond to an existing site.
404 404011 View not found The view ID in the URI doesn't correspond to an existing view.
405 405000 Invalid request method Request type was not GET.

For more information, see Handling Errors.

Example

curl "http://MY-SERVER/api/3.12/sites/9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d/views/0524c7ce-250b-45b1-adf2-d08f1648643c/permissions" -X GET -H "X-Tableau-Auth:12ab34cd56ef78ab90cd12ef34ab56cd"

Example response:

<tsResponse>
  <permissions>
    <view id="0524c7ce-250b-45b1-adf2-d08f1648643c"/>
      <owner id="1a5dffe8-2439-4862-9eb0-46d055ef7379"/>
    </view>
    <granteeCapabilities>
      <group id="9e617a5c-a733-11e8-8ec3-b748ab3bf3d6"/>
      <capabilities>
        <capability name="ViewComments" mode=mode="Allow"/>
        <capability name="ExportData" mode=mode="Allow"/>
        <capability name="AddComment" mode=mode="Allow"/>
        <capability name="Filter" mode=mode="Allow"/>
        <capability name="ViewUnderlyingData" mode=mode="Allow"/>
        <capability name="Read" mode=mode="Allow"/>
        <capability name="ShareView" mode=mode="Allow"/>
        <capability name="ExportImage" mode=mode="Allow"/>
      </capabilities>
      </granteeCapabilities>
    <granteeCapabilities>
      <user id="1a5dffe8-2439-4862-9eb0-46d055ef7379"/>
      <capabilities>
        <capability name="ExportImage" mode=mode="Allow"/>
        <capability name="AddComment" mode=mode="Allow"/>
      </capabilities>
    </granteeCapabilities>
    <granteeCapabilities>
      <user id="ff43cb47-f208-4d2f-9a22-0fbb6d29f7f1"/>
      <capabilities>
        <capability name="AddComment" mode=mode="Allow"/>
      </capabilities>
    </granteeCapabilities>
  </permissions>
</tsResponse>

Query Workbook Permissions

Returns a list of permissions for the specific workbook.

URI

GET /api/api-version/sites/site-id/workbooks/workbook-id/permissions

Parameter Values

api-version The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions.
site-id The ID of the site that contains the workbook.
workbook-id The ID of the workbook to get permissions for.

Request Body

None

Permissions

This method can only be called by server administrators and site administrators.

Response Code

200

Response Body

<tsResponse>
  <parent type="Project" id="project-id" />
  <permissions>
    <workbook id="workbook-id" name="workbook-name >
      <owner="owner-user-id" />
    </workbook>
    <granteeCapabilities>
      <user id="user-id" />
      <capabilities>
        <capability name="capability" mode="capability-mode" />
         ... additional capabilities for users ...
      </capabilities>
    </granteeCapabilities>
    <granteeCapabilities>
      <group id="group-id" />
      <capabilities>
        <capability name="capability" mode="capability-mode" />
         ... additional capabilities for groups ...
      </capabilities>
    </granteeCapabilities>
    ... additional grantee capability sets ...
  </permissions>
</tsResponse>
        

Note: The parent element is included in the response only if the workbook's permissions are determined by project-level default permissions and project permissions are locked. Project permissions can be locked for a new project when you call Create Project or for an existing project by calling Update Project. For more information, see Lock Content Permissions to the Project(Link opens in a new window).

Version

Version 2.0 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
404 404000 Site not found The site ID in the URI doesn't correspond to an existing site.
404 404006 Workbook not found The workbook ID in the URI doesn't correspond to an existing workbook.
405 405000 Invalid request method Request type was not GET.

For more information, see Handling Errors.

Example

curl "http://MY-SERVER/api/3.12/sites/9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d/workbooks/1a1b1c1d-2e2f-2a2b-3c3d-3e3f4a4b4c4d/permissions" -X GET -H "X-Tableau-Auth:12ab34cd56ef78ab90cd12ef34ab56cd"

Example response:

<tsResponse version-and-namespace-settings>
  <parent type="Project" id="1f2f3e4e-5d6d-7c8c-9b0b-1a2a3f4f5e6e" />
  <permissions>
    <workbook id="1a1b1c1d-2e2f-2a2b-3c3d-3e3f4a4b4c4d" name="Finance">
      <owner id="9f9e9d9c-8b8a-8f8e-7d7c-7b7a6f6d6e6d"/>
    </workbook>
    <granteeCapabilities>
      <group id="1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d"/>
      <capabilities>
        <capability name="Read" mode="Allow"/>
        <capability name="Filter" mode="Allow"/>
        <capability name="ViewUnderlyingData" mode="Allow"/>
        <capability name="ExportImage" mode="Allow"/>
        <capability name="ExportData" mode="Allow"/>
        <capability name="AddComment" mode="Allow"/>
        <capability name="ViewComments" mode="Allow"/>
        <capability name="ShareView" mode="Allow"/>
      </capabilities>
    </granteeCapabilities>
  </permissions>
</tsResponse>


Thanks for your feedback!