Permissions Methods
Using the permissions methods of the Tableau Server REST API you can:
- List, add, and delete granular default permissions that apply to new content created in a project
- List, add, and delete granular permissions for existing projects, workbooks, views, flows, metrics, and data sources
This functionality relates to the UI elements and concepts described at: Permissions Reference(Link opens in a new window).
Add Data Source Permissions
Adds permissions to the specified data source for a Tableau Server user or group. You can specify multiple sets of permissions using one call.
If a specified permission has already been granted or denied for a given user or group, the system ignores it.
If the request body includes a child workbook or <project> element, the request is invalid.
URI
PUT /api/api-version/sites/site-id/datasources/datasource-id/permissions
Parameter Values
| api-version | The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions. |
| site-id | The ID of the site that contains the data source. |
| datasource-id | The ID of the data source to set permissions for. |
Request Body
<tsRequest>
<permissions>
<datasource id="datasource-id" />
<granteeCapabilities>
<user id="user-id" />
<capabilities>
<capability name="capability-name" mode="capability-mode" />
... additional capabilities ...
</capabilities>
</granteeCapabilities>
<granteeCapabilities>
<group id="group-id" />
<capabilities>
<capability name="capability-name" mode="capability-mode" />
... additional capabilities ...
</capabilities>
</granteeCapabilities>
... additional grantee capability sets ...
</permissions>
</tsRequest>
Attribute Values
| datasource-id | The <datasource> element is not required, but can be included for compatibility with earlier versions of the REST API. If the <datasource> element is included, the datasource-id value must match the data source ID in the URI. Any other attributes in the <datasource> element are ignored. |
| user-id | The ID (not name) of the user to add permissions for. |
| group-id | The ID (not name) of the group to add permissions for. |
| capability-name |
The capability to assign. For valid capabilities for a data source project are
ChangePermissions,
Connect,
Delete,
ExportXml,
Read (view), and
Write.
For more information, see Permissions. |
| capability-mode | Allow to allow the capability, or Deny to deny it. This value is case sensitive. |
Permissions
Tableau Server users who are not server administrators or site administrators can add permissions only to a data source for which they have ChangePermissions permission (either explicitly or implicitly).
Response Code
200
Response Body
<tsResponse version-and-namespace-settings>
<permissions>
<datasource id="datasource-id" />
<granteeCapabilities>
<user id="user-id" />
<capabilities>
<capability name="capability" mode="Allow-or-Deny" />
<capability name="capability" mode="Allow-or-Deny" />
... additional capabilities ...
</capabilities>
</granteeCapabilities>
<granteeCapabilities>
<group id="group-id" />
<capabilities>
<capability name="capability" mode="Allow-or-Deny" />
<capability name="capability" mode="Allow-or-Deny" />
... additional capabilities ...
</capabilities>
</granteeCapabilities>
... additional grantee capability sets ...
</permissions>
</tsResponse>
Version
Version 2.0 and later. For more information, see REST API and Resource Versions.
Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 400 | 400000 | Bad request | The content of the request body is missing or incomplete, or contains malformed XML. |
| 400 | 400009 | Invalid capability | The specified capability is invalid for a data source. Valid capabilities for a data source are ChangePermissions, Connect, Delete, ExportXml, Read, and Write. |
| 403 | 403004 | No permissions to set permissions. | A user attempted to add permissions to a data source, but the caller doesn't have permission to set permissions on the data source. |
| 404 | 404000 | Site not found | The specified site doesn't correspond to an existing site. |
| 404 | 404002 | User not found | The user specified in the request body doesn't correspond to an existing user. |
| 404 | 404004 | Data source not found | The specified data source doesn't correspond to an existing data source. |
| 404 | 404012 | Group not found | The group specified in the request body doesn't correspond to an existing group. |
| 404 | 404013 | Capability not found | A capability specified in the request body doesn't correspond to a defined capability. This can apply to either an invalid capability name or to a capability other than Allow or Deny for any mode value. |
| 405 | 405000 | Invalid request method | Request type was not PUT. |
For more information, see Handling Errors.
Add Default Permissions
Adds default permission capabilities granted to a user or group, for metric, flow, workbook, or data source resources in a project. After adding default permissions, resources of the type you specify that are added to a project will have those capabilities granted for a group or user. If permissions are locked to the project(Link opens in a new window), then the same is true for all existing child content of the project. For more information, see Permissions(Link opens in a new window).
Content owners can override default permissions for their content, but only if project permissions have not been locked. Project permissions can be locked for a new project when you call Create Project or for an existing project by calling Update Project. For more information, see Lock Content Permissions to the Project(Link opens in a new window).
URI
PUT /api/api-version/sites/site-id/projects/project-id/default-permissions/workbooks
PUT /api/api-version/sites/site-id/projects/project-id/default-permissions/datasources
PUT /api/api-version/sites/site-id/projects/project-id/default-permissions/flows
PUT /api/api-version/sites/site-id/projects/project-id/default-permissions/metrics
Parameter Values
| api-version | The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions. |
| site-id | The ID of the site that contains the project. |
| project-id | The ID of the project to set default permissions for. |
Request Body
<tsRequest>
<permissions>
<granteeCapabilities>
<user id="user-id" />
<capabilities>
<capability name="capability-name" mode="capability-mode" />
< !-- ... additional capabilities ... -->
</capabilities>
</granteeCapabilities>
<granteeCapabilities>
<group id="group-id" />
<capabilities>
<capability name="capability-name" mode="capability-mode" />
< !-- ... additional capabilities ... -->
</capabilities>
</granteeCapabilities>
< !-- ... additional grantee capability sets ... -->
</permissions>
</tsRequest>
Attribute Values
| user-id | The ID (not name) of the user to add default permissions for. |
| group-id | The ID (not name) of the group to add permissions for. |
| capability-name | The capability to assign. Valid capabilities for a workbook are AddComment, ChangeHierarchy, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read (view), ShareView, ViewComments, ViewUnderlyingData, WebAuthoring, and Write. Valid capabilities for a data source are ChangePermissions, Connect, Delete, ExportXml, Read (view), and Write. For more information, see Permissions. |
| capability-mode | Allow to allow the capability, or Deny to deny it. This value is case sensitive. |
Permissions
Tableau Server users who are not server administrators can add permissions defaults for a project only if they have the ProjectLeader permission for that project (either explicitly or implicitly).
Response Code
200
Response Body
<tsResponse xmlns="http://tableau.com/api" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://tableau.com/api http://tableau.com/api/ts-api-3.5.xsd">
<permissions>
<database id="e8d4aa9f-3d1a-4b49-8d6d-27f113cbd25e" name="oracle.test.tsi.lan:1521"/>
<granteeCapabilities>
<user id="6265b714-7533-465d-b6db-6d0be92bfd07"/>
<capabilities>
<capability name="Read" mode="Allow"/>
</capabilities>
</granteeCapabilities>
</permissions>
</tsResponse>
Version
Version 2.1 and later. For more information, see REST API and Resource Versions.
Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 400 | 400000 | Bad request | The content of the request body is missing or incomplete, or contains malformed XML. |
| 400 | 400009 | Invalid capability | The capability in the URI is invalid for a data source. Valid capabilities for a workbook are AddComment, ChangeHierarchy, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read (view), ShareView, ViewComments, ViewUnderlyingData, WebAuthoring, and Write. Valid capabilities for a data source are ChangePermissions, Connect, Delete, ExportXml, Read (view), and Write. |
| 400 | 400042 | Malformed permissions qualifier | The request body includes a <workbook> or <datasource> element. |
| 403 | 403004 | Permissions setting forbidden | A non-administrator user called this method but doesn't have permission to add permissions on the project. |
| 404 | 404000 | Site not found | The site ID in the URI doesn't correspond to an existing site. |
| 404 | 404002 | User not found | A user ID in the request body as the grantee doesn't correspond to an existing user. |
| 404 | 404005 | Project not found | The project ID in the URI doesn't correspond to an existing project. |
| 404 | 404009 | Project ID mismatch | A project ID specified in the URI does not match the project ID specified in the request body. (You do not have to specify a project ID in the request body.) |
| 404 | 404012 | Group not found | A group ID in the request body doesn't correspond to an existing group. |
| 404 | 404013 | Capability not found | The capability in the request body doesn't correspond to a defined capability. This can apply to either an invalid capability name or to a capability other than Allow or Deny for any mode value. |
| 405 | 405000 | Invalid request method | Request type was not PUT. |
For more information, see Handling Errors.
Add Project Permissions
Adds permissions to the specified project for a Tableau Server user or group. You can specify multiple sets of permissions using one call.
If the request body includes a child datasource or <project> element, the request is invalid.
URI
PUT /api/api-version/sites/site-id/projects/project-id/permissions
Parameter Values
| api-version | The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions. |
| site-id | The ID of the site that contains the project. |
| project-id | The ID of the project to set permissions for. |
Request Body
<tsRequest>
<permissions>
<granteeCapabilities>
<user id="user-id" />
<capabilities>
<capability name="capability-name" mode="capability-mode" />
... additional capabilities ...
</capabilities>
</granteeCapabilities>
<granteeCapabilities>
<group id="group-id" />
<capabilities>
<capability name="capability-name" mode="capability-mode" />
... additional capabilities ...
</capabilities>
</granteeCapabilities>
... additional grantee capability sets ...
</permissions>
</tsRequest>
Attribute Values
| user-id | The ID (not name) of the user to add permissions for. |
| group-id | The ID (not name) of the group to add permissions for. |
| capability-name |
The capability to assign permissions to. In Tableau Server 10.0, the valid
capabilities for a project are
ProjectLeader,
Read (view), and
Write.
For more information, see Permissions. |
| capability-mode | Allow to allow the capability, or Deny to deny it. This value is case sensitive. |
Permissions
Tableau Server users who are not server administrators or site administrators can add permissions for a project only if they have ChangePermissions (version 2.0) or
ProjectLeader (version 2.1) permission for that project (either explicitly or implicitly).
Response Code
200
Response Body
<tsResponse>
<permissions>
<project id="project-id" name="project-name" />
<owner id="project-owner-id" />
</project>
<granteeCapabilities>
<user id="user-id" />
<capabilities>
<capability name="capability" mode="Allow-or-Deny" />
<capability name="capability" mode="Allow-or-Deny" />
... additional capabilities ...
</capabilities>
</granteeCapabilities>
<granteeCapabilities>
<group id="group-id" />
<capabilities>
<capability name="capability" mode="Allow-or-Deny" />
<capability name="capability" mode="Allow-or-Deny" />
... additional capabilities ...
</capabilities>
</granteeCapabilities>
... additional grantee capability sets ...
</permissions>
</tsResponse>
Version
Version 2.0 and later. For more information, see REST API and Resource Versions.
Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 400 | 400000 | Bad request | The content of the request body is missing or incomplete, or contains malformed XML. |
| 400 | 400009 | Invalid capability |
The capability specified in the request is not in the list of valid capability names for this method. The mode of the capability for ProjectLeader cannot be set to Deny. |
| 403 | 403004 | Permissions setting forbidden | A non-administrator user called this method but doesn't have permission to add permissions on the project. |
| 404 | 404000 | Site not found | The site ID in the URI doesn't correspond to an existing site. |
| 404 | 404002 | User not found | A user ID in the request body as the grantee doesn't correspond to an existing user. |
| 404 | 404005 | Project not found | The project ID in the URI doesn't correspond to an existing project. |
| 404 | 404009 | Project ID mismatch | A project ID specified in the URI does not match the project ID specified in the request body. (You do not have to specify a project ID in the request body.) |
| 404 | 404012 | Group not found | A group ID in the request body doesn't correspond to an existing group. |
| 404 | 404013 | Capability not found | The capability in the request body doesn't correspond to a defined capability. This can apply to either an invalid capability name or to a capability other than Allow or Deny for any mode value. |
| 405 | 405000 | Invalid request method | Request type was not PUT. |
For more information, see Handling Errors.
Add View Permissions
Adds permissions to the specified view (also known as a sheet) for a Tableau Server user or group. You can specify multiple sets of permissions using one call.
URI
PUT /api/api-version/sites/site-id/views/view-id/permissions
Parameter Values
| api-version | The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions. |
| site-id | The ID of the site that contains the workbook view. |
| view-id | The ID of the view to set permissions for. You can obtain this ID by calling Query Views for Site. |
Request Body
<tsRequest>
<permissions>
<view id="view-id" />
<granteeCapabilities>
<user id="user-id" />
<capabilities>
<capability name="capability-name" mode="capability-mode" />
... additional capabilities ...
</capabilities>
</granteeCapabilities>
<granteeCapabilities>
<group id="group-id" />
<capabilities>
<capability name="capability-name" mode="capability-mode" />
... additional capabilities ...
</capabilities>
</granteeCapabilities>
... additional grantee capability sets ...
</permissions>
</tsRequest>
Attribute Values
| view-id | The view-id value must match the view ID in the URI. |
| user-id | The ID (not name) of the user to add permissions for. |
| group-id | The ID (not name) of the group to add permissions for. |
| capability-name | The capability to assign. If any capability has already been
granted or denied for a specified user or group, that capability is ignored. For valid capabilities for a view are
AddComment, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read (view), ShareView, ViewComments, ViewUnderlyingData, WebAuthoring, and Write.
For more information, see Permissions. |
| capability-mode | Allow to allow the capability, or Deny to deny it. This value is case sensitive. |
Permissions
This method can only be called by server and site administrators, and user who have permission to set permissions on the workbook (either explicitly or implicitly). To use this method, the parent workbook that contains the specified view must have its showTabs attribute set to Hide. You can configure this setting by using the Update Workbook method.
Response Code
200
Response Body
<tsResponse>
<permissions>
<view id="view-id" />
<owner id="owner-id"/>
</view>
<granteeCapabilities>
<user id="user-id" />
<capabilities>
<capability name="capability-name" mode="capability-mode" />
<capability name="capability-name" mode="capability-mode" />
</capabilities>
</granteeCapabilities>
<granteeCapabilities>
<user id="user-id" />
<capabilities>
<capability name="capability-name" mode="capability-mode" />
<capability name="capability-name" mode="capability-mode" />
</capabilities>
</granteeCapabilities>
<granteeCapabilities>
<group id="group-id" />
<capabilities>
<capability name="capability-name" mode="capability-mode" />
</capabilities>
</granteeCapabilities>
</permissions>
</tsResponse>
The createdAt and updatedAt values are dates and times in UTC format (YYYY-MM-DDTHH:MM:SSZ).
Version
Version 3.2 and later. For more information, see REST API and Resource Versions.
Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 400 | 400000 | Bad request | The content of the request body is missing or incomplete, or contains malformed XML. |
| 400 | 400009 | Invalid capability | The capability in the URI is invalid for a view. |
| 403 | 403004 | Permissions setting forbidden | A non-administrator user called this method but doesn't have permission to set permissions on the view. |
| 404 | 404000 | Site not found | The site ID in the URI doesn't correspond to an existing site. |
| 404 | 404011 | View not found | The view ID in the URI doesn't correspond to an existing view. |
| 404 | 404012 | Group not found | A group ID in the request body doesn't correspond to an existing group. |
| 404 | 404013 | Capability not found | The specified capability doesn't correspond to a defined capability. This can apply to either an invalid capability name or an invalid capability value (other than Allow or Deny). |
| 405 | 405000 | Invalid request method | Request type was not PUT. |
For more information, see Handling Errors.
Example
curl "http://MY-SERVER/api/3.12/sites/13020592-762f-4de4-a25e-f4beb005836e/views/e5a4b73e-5cbb-412d-907e-f31cc31684f7" -X GET -H "X-Tableau-Auth:12ab34cd56ef78ab90cd12ef34ab56cd" -d @add-view-permissions.xml
Example of add-view-permissions.xml:
<tsRequest>
<permissions>
<view id="34acb0d7-fa37-43d7-bdde-d6635eb724b5" />
<granteeCapabilities>
<user id="8eda27d9-5ad2-42cd-a39a-61bc01a423af" />
<capabilities>
<capability name="ExportImage" mode="Allow" />
<capability name="ChangePermissions" mode="Deny" />
</capabilities>
</granteeCapabilities>
</permissions>
</tsRequest>Example response:
<tsResponse>
<permissions>
<view id="34acb0d7-fa37-43d7-bdde-d6635eb724b5" name="What If Forecast">
<owner id="8eda27d9-5ad2-42cd-a39a-61bc01a423af"/>
</view>
<granteeCapabilities>
<group id="2aa47cfa-9f2b-11e8-a260-af4a26124661"/>
<capabilities>
<capability name="ShareView" mode="Allow"/>
<capability name="ViewComments" mode="Allow"/>
<capability name="Filter" mode="Allow"/>
<capability name="ExportData" mode="Allow"/>
<capability name="Read" mode="Allow"/>
<capability name="AddComment" mode="Allow"/>
<capability name="ViewUnderlyingData" mode="Allow"/>
<capability name="ExportImage" mode="Allow"/>
</capabilities>
</granteeCapabilities>
<granteeCapabilities>
<user id="8eda27d9-5ad2-42cd-a39a-61bc01a423af"/>
<capabilities>
<capability name="ExportImage" mode="Allow"/>
<capability name="ChangePermissions" mode="Deny"/>
</capabilities>
</granteeCapabilities>
</permissions>
</tsResponse>Add Workbook Permissions
Adds permissions to the specified workbook for a Tableau Server user or group. You can specify multiple sets of permissions using one call.
URI
PUT /api/api-version/sites/site-id/workbooks/workbook-id/permissions
Parameter Values
| api-version | The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions. |
| site-id | The ID of the site that contains the workbook. |
| workbook-id | The ID of the workbook to set permissions for. |
Request Body
<tsRequest>
<permissions>
<workbook id="workbook-id" />
<granteeCapabilities>
<user id="user-id" />
<capabilities>
<capability name="capability-name" mode="capability-mode" />
... additional capabilities ...
</capabilities>
</granteeCapabilities>
<granteeCapabilities>
<group id="group-id" />
<capabilities>
<capability name="capability-name" mode="capability-mode" />
... additional capabilities ...
</capabilities>
</granteeCapabilities>
... additional grantee capability sets ...
</permissions>
</tsRequest>
Attribute Values
| workbook-id | The <workbook> element is not required, but can be included for compatibility with earlier versions of the REST API. If the <workbook> element is included, the workbook-id value must match the workbook ID in the URI. Any other attributes in the <workbook> element are ignored. |
| user-id | The ID (not name) of the user to add permissions for. |
| group-id | The ID (not name) of the group to add permissions for. |
| capability-name |
The capability to assign. If any capability has already been granted or denied for a specified user or group, that capability is ignored. Valid capabilities for a workbook are AddComment, ChangeHierarchy, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read (view), ShareView, ViewComments, ViewUnderlyingData, WebAuthoring, and Write. For more information, see Permissions. |
| capability-mode | Allow to allow the capability, or Deny to deny it. This value is case sensitive. |
Permissions
Tableau Server users who are not server administrators or site administrators can call this method only if the have permission to set permissions on the workbook (either explicitly or implicitly).
Response Code
200
Response Body
<tsResponse>
<permissions>
<workbook id="workbook-id" />
<granteeCapabilities>
<user id="user-id" />
<capabilities>
<capability name="capability" mode="Allow-or-Deny" />
<capability name="capability" mode="Allow-or-Deny" />
... additional capabilities ...
</capabilities>
</granteeCapabilities>
<granteeCapabilities>
<group id="group-id" />
<capabilities>
<capability name="capability" mode="Allow-or-Deny" />
<capability name="capability" mode="Allow-or-Deny" />
... additional capabilities ...
</capabilities>
</granteeCapabilities>
... additional grantee capability sets ...
</permissions>
</tsResponse>
Version
Version 2.0 and later. For more information, see REST API and Resource Versions.
Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 400 | 400000 | Bad request | The content of the request body is missing or incomplete, or contains malformed XML. |
| 400 | 400009 | Invalid capability | The capability in the URI is invalid for a workbook resource. Valid capabilities for a workbook are AddComment, ChangeHierarchy, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read (view), ShareView, ViewComments, ViewUnderlyingData, WebAuthoring, and Write. |
| 403 | 403004 | Permissions setting forbidden | A non-administrator user called this method but doesn't have permission to set permissions on the workbook. |
| 404 | 404000 | Site not found | The site ID in the URI doesn't correspond to an existing site. |
| 404 | 404002 | User not found | A user ID in the request body doesn't correspond to an existing user. |
| 404 | 404006 | Workbook not found | The workbook ID in the URI doesn't correspond to an existing workbook. |
| 404 | 404012 | Group not found | A group ID in the request body doesn't correspond to an existing group. |
| 404 | 404013 | Capability not found | The specified capability doesn't correspond to a defined capability. This can apply to either an invalid capability name or a capability other than Allow or Deny for any mode value. |
| 405 | 405000 | Invalid request method | Request type was not PUT. |
For more information, see Handling Errors.
Add Workbook to Schedule
Adds a task to refresh or accelerate a workbook to an existing schedule. This method is not available for Tableau Online.
The task type must match the schedule type. For a list of schedule types, see Create a Schedule.
URI
PUT /api/api-version/sites/site-id/schedules/schedule-id/workbooks
Parameter Values
| api-version | The version of the API to use, such as 3.12.
For more information, see REST API and Resource Versions. |
| site-id | The ID of the site that contains the view. |
| schedule-id | The ID of the schedule that you are associating with the workbook. |
Request Body
<tsRequest>
<task>
<extractRefresh>
<workbook id="workbook-id" />
</extractRefresh>
</task>
<task>
<dataAcceleration>
<workbook id="workbook-id" />
</dataAcceleration>
</task>
</tsRequest>
Attribute Values
| workbook-id | The ID of the workbook to add to the schedule. |
Permissions
Only Tableau Server users who are server administrators or site administrators can add a workbook to a data acceleration schedule. Tableau Server users who are not server administrators or site administrators can only add a workbook to other types of schedules if they own the workbook, or are the project leader for the project that contains the workbook.
Response Code
200
Response Body
<tsResponse>
<task id="task-id" type="task-type">
<schedule id="schedule-id"/>
</task>
</tsResponse>
Version
Version 2.8 and later for extract refresh and version 3.8 and later for data acceleration. For more information, see REST API and Resource Versions.
Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 400 | 400000 | Bad Request | The content of the request body is missing or incomplete, or contains malformed XML. |
| 401 | 401002 | Unauthorized Access | The authentication token provided in the request header was invalid or has expired. |
| 403 | 403032 | Update Forbidden | A non-administrator user called this method, but the caller doesn't have sufficient permissions. |
| 404 | 404000 | Site not found | The site ID in the URI is unknown. |
| 404 | 404006 | Resource not found | The workbook ID in the request body is unknown. |
| 405 | 405000 | Invalid request method | Request type was not PUT. |
| 500 | 500000 | Internal Server Error | The schedule ID in the URI is unknown. |
For more information, see Handling Errors.
Example
curl "http://MY-SERVER/api/3.12/sites/
1edc53ac-e247-4870-9fd3-6fad0ce5f84d/schedules/9a4ebbab-9ec8-487a-9b48-47fa81d6077a/workbooks" -X PUT
-H "X-Tableau-Auth:12ab34cd56ef78ab90cd12ef34ab56cd" –d @add-to-schedule.xml"
Content of add-to-schedule.xml:
<tsRequest>
<task>
<extractRefresh>
<workbook id="5de9cc53-b17d-45af-804d-49144b39f29f" />
</extractRefresh>
</task>
</tsRequest>Example response:
<tsResponse>
<task>
<extractRefresh id="9bf8aea0-e3ca-422e-b7ef-d9c4ba6cca45" priority="50" consecutiveFailedCount="0" type="RefreshExtractTask">
<schedule id="9a4ebbab-9ec8-487a-9b48-47fa81d6077a" name="Weekday early mornings" state="Active" />
<workbook id="5de9cc53-b17d-45af-804d-49144b39f29f" />
</extractRefresh>
</task>
</tsResponse>Delete Data Source Permission
Removes the specified data source permission for the specified group or user.
URI
DELETE /api/api-version/sites/site-id/datasources/datasource-id/permissions/groups/group-id/capability-name/capability-mode
DELETE /api/api-version/sites/site-id/datasources/datasource-id/permissions/users/user-id/capability-name/capability-mode
Parameter Values
| api-version | The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions. |
| site-id | The ID of the site that contains the data source. |
| datasource-id | The ID of the data source to remove the permission for. |
| group-id | The ID of the group to remove the permission for. |
| user-id | The ID of the user to remove the permission for. |
| capability-name |
The capability to remove the permission for. Valid capabilities for a data source are ChangePermissions, Connect, Delete, ExportXml, Read (view), and Write. For more information, see Permissions. |
| capability-mode | Allow to remove the allow permission, or Deny to remove the deny permission. This value is case sensitive. |
Request Body
None
Permissions
Tableau Server users who are not server administrators or site administrators can call this method only if they have permission to delete permissions from the data source (either explicitly or implicitly).
Response Code
204
Response Body
None
Version
Version 2.0 and later. For more information, see REST API and Resource Versions.
Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 400 | 400009 | Invalid capability | The capability in the URI is invalid for a data source. Valid capabilities for a data source are ChangePermissions, Connect, Delete, ExportXml, Read, and Write. |
| 403 | 403004 | Permissions setting forbidden | A non-administrator user called this method but doesn't have permission to set permissions on the data source. |
| 404 | 404000 | Site not found | The site ID in the URI doesn't correspond to an existing site. |
| 404 | 404002 | User not found | The user ID in the URI doesn't correspond to an existing user. |
| 404 | 404004 | Data source not found | The data source ID in the URI doesn't correspond to an existing data source. |
| 404 | 404012 | Group not found | The group ID in the URI doesn't correspond to an existing group. |
| 404 | 404013 | Capability not assigned | The capability in the URI is not assigned to the specified user or group with the specified mode (Allow or Deny). |
| 405 | 405000 | Invalid request method | Request type was not DELETE. |
For more information, see Handling Errors.
Delete Default Permission
Removes default permission capabilities granted to a user or group, for metric, flow, workbook, or data source resources in a project. After deleting default permissions, resources of the type you specify that are added to a project will not have the those capabilities granted for a group or user. If permissions are locked to the project(Link opens in a new window), then the same is true for all existing child content of the project.
URI
DELETE /api/api-version/sites/site-id/projects/project-id/default-permissions/workbooks/groups/group-id/capability-name/capability-mode
DELETE /api/api-version/sites/site-id/projects/project-id/default-permissions/workbooks/users/user-id/capability-name/capability-mode
DELETE /api/api-version/sites/site-id/projects/project-id/default-permissions/datasources/groups/group-id/capability-name/capability-mode
DELETE /api/api-version/sites/site-id/projects/project-id/default-permissions/flows/groups/group-id/capability-name/capability-mode
DELETE /api/api-version/sites/site-id/projects/project-id/default-permissions/flows/users/user-id/capability-name/capability-mode
DELETE /api/api-version/sites/site-id/projects/project-id/default-permissions/metrics/groups/group-id/capability-name/capability-mode
DELETE /api/api-version/sites/site-id/projects/project-id/default-permissions/metrics/users/user-id/capability-name/capability-mode
Parameter Values
| api-version | The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions. |
| site-id | The ID of the site that contains the project. |
| project-id | The ID of the project to remove the default permission for. |
| group-id | The ID of the group to remove the default permission for. |
| user-id | The ID of the user to remove default permission for. |
| capability-name |
The capability to remove the permissions for. Valid capabilities for a workbook are AddComment, ChangeHierarchy, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read (view), ShareView, ViewComments, ViewUnderlyingData, WebAuthoring, and Write. Valid capabilities for a data source are ChangePermissions, Connect, Delete, ExportXml, Read (view), and Write. For more information, see Permissions. |
| capability-mode | Allow to remove the allow permission, or Deny to remove the deny permission. This value is case sensitive. |
Request Body
None
Permissions
Tableau Server users who are not server administrators can remove permissions for a project only if they have ProjectLeader permissions for that project (either explicitly or implicitly).
Response Code
204
Response Body
None
Version
Version 2.1 and later. For more information, see REST API and Resource Versions.
Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 400 | 400009 | Invalid capability | The capability in the URI is invalid. Valid capabilities for a workbook are AddComment, ChangeHierarchy, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read, ShareView, ViewComments, ViewUnderlyingData, WebAuthoring, and Write. Valid capabilities for a data source are ChangePermissions, Connect, Delete, ExportXml, Read, and Write. |
| 403 | 403004 | Permissions setting forbidden | A non-administrator user called this method but doesn't have permissions to remove permissions for the project. |
| 403 | 403095 | Delete permissions for flows forbidden | A non-administrator user called this method but doesn't have permissions to remove permissions for the project where the flow is located. |
| 404 | 404000 | Site not found | The site ID in the URI doesn't correspond to an existing site. |
| 404 | 404002 | User not found | A user ID in the URI doesn't correspond to an existing user. |
| 404 | 404005 | Project not found | The project ID in the URI doesn't correspond to an existing project. |
| 404 | 404012 | Group not found | A group ID in the URI doesn't correspond to an existing group. |
| 404 | 404013 | Capability not assigned | The capability in the URI isn't assigned to the specified user or group. |
| 404 | 404013 | Capability not found | The capability in the URI doesn't correspond to a defined capability. This can apply to either an invalid capability name or a capability other than Allow or Deny for any mode value. |
| 404 | 404027 | Flow not found | The flow ID in the URI doesn't correspond to an existing flow. |
| 405 | 405000 | Invalid request method | Request type was not DELETE. |
For more information, see Handling Errors.
Delete Project Permission
Removes the specified project permission for the specified group or user.
URI
DELETE /api/api-version/sites/site-id/projects/project-id/permissions/groups/group-id/capability-name/capability-mode
DELETE /api/api-version/sites/site-id/projects/project-id/permissions/users/user-id/capability-name/capability-mode
Parameter Values
| api-version | The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions. |
| site-id | The ID of the site that contains the project. |
| project-id | The ID of the project to remove the permission for. |
| group-id | The ID of the group to remove the permission for. |
| user-id | The ID of the user to remove project the permission for. |
| capability-name |
The capability to remove the permission for. In Tableau Server 10.0, valid capabilities for a project are
ProjectLeader,
Read (view), and
Write.
For more information, see Permissions. |
| capability-mode | Allow to remove the allow permission, or Deny to remove the deny permission. This value is case sensitive. |
Request Body
None
Permissions
Tableau Server users who are not server administrators or site administrators can remove permissions for a project only if they have ChangePermissions (version 2.0) or
ProjectLeader (version 2.1) permissions for that project (either explicitly or implicitly).
Response Code
204
Response Body
None
Version
Version 2.0 and later. For more information, see REST API and Resource Versions.
Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 400 | 400009 | Invalid capability | The capability in the URI is invalid for a project. For a list of valid capabilities, see the capability-name attribute earlier. |
| 403 | 403004 | Permissions setting forbidden | A non-administrator user called this method but doesn't have permissions to remove default permissions for the project. |
| 403 | 403004 | Delete forbidden | A non-administrative user tried to update the project, but does not have permissions to the project. |
| 404 | 404000 | Site not found | The site ID in the URI doesn't correspond to an existing site. |
| 404 | 404002 | User not found | A user ID in the URI doesn't correspond to an existing user. |
| 404 | 404005 | Project not found | The project ID in the URI doesn't correspond to an existing project. |
| 404 | 404012 | Group not found | A group ID in the URI doesn't correspond to an existing group. |
| 404 | 404013 | Capability not assigned | The capability in the URI isn't assigned to the specified user or group. |
| 404 | 404013 | Capability not found | The capability in the URI doesn't correspond to a defined capability. This can apply to either an invalid capability name or a capability other than Allow or Deny for any mode value. |
| 405 | 405000 | Invalid request method | Request type was not DELETE. |
For more information, see Handling Errors.
Delete View Permission
Deletes permission to the specified view (also known as a sheet) for a Tableau Server user or group.
URI
DELETE /api/api-version/sites/site-id/views/view-id/permissions/groups/group-id/capability-name/capability-mode
DELETE /api/api-version/sites/site-id/views/view-id/permissions/users/user-id/capability-name/capability-mode
Parameter Values
| api-version | The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions. |
| site-id | The ID of the site that contains the view. |
| view-id | The ID of the view to delete permissions for. You can obtain this ID by calling Query Views for Site. |
| group-id | The ID of the group to remove the permission for. |
| user-id | The ID of the user to remove the permission for. |
| capability-name |
The capability to remove the permission for. The valid capabilities for a view are AddComment, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read (view), ShareView, ViewComments, ViewUnderlyingData, WebAuthoring, and Write. For more information, see Permissions. |
| capability-mode | Allow to remove the allow permission, or Deny to remove the deny permission. |
Request Body
None
Permissions
Tableau Server users who are not server administrators or site administrators can delete permissions from a view only if they have ChangePermissions permissions on the view (either explicitly or implicitly).
Response Code
204
Response Body
None
Version
Version 3.2 and later. For more information, see REST API and Resource Versions.
Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 400 | 400009 | Invalid capability | The capability in the URI is invalid for a view. |
| 403 | 403004 | Permissions setting forbidden | A non-administrator user called this method but doesn't have permission to delete permissions on the view. |
| 403 | 403039 | Project permissions locked | The parent project that contains the specified view has its permissions locked. |
| 403 | 403096 | Parent workbook tabs enabled | The specified view currently has permissions inherited from its parent workbook. View permission can be deleted if the parent workbook has its tabs disabled. |
| 404 | 404000 | Site not found | The site ID or URL namespace in the URI doesn't correspond to an existing site. |
| 404 | 404002 | User not found | The user ID in the URI doesn’t correspond to an existing user. |
| 404 | 404011 | View not found | The view ID in the URI doesn't correspond to an existing view. |
| 404 | 404012 | Group not found | A group ID in the request body doesn't correspond to an existing group. |
| 404 | 404013 | Capability not found | The specified capability doesn't correspond to a defined capability. This can apply to either an invalid capability name or an invalid capability value (other than Allow or Deny). |
| 404 | 404014 | Capability not assigned | The capability in the URI is not assigned to the specified user or group with the specified mode (Allow or Deny). |
| 405 | 405000 | Invalid request method | Request type was not DELETE. |
For more information, see Handling Errors.
Example
curl "http://MY-SERVER/api/3.12/sites/fbfa6f03-982c-4930-8ec1-d5949a19125d/views/0524c7ce-250b-45b1-adf2-d08f1648643c/permissions/users/ff43cb47-f208-4d2f-9a22-0fbb6d29f7f1/AddComment/Allow" -X DELETE -H "X-Tableau-Auth:12ab34cd56ef78ab90cd12ef34ab56cd"
Delete Workbook Permission
Deletes the specified permission from the specified workbook for a group or user.
URI
DELETE /api/api-version/sites/site-id/workbooks/workbook-id/permissions/groups/group-id/capability-name/capability-mode
DELETE /api/api-version/sites/site-id/workbooks/workbook-id/permissions/users/user-id/capability-name/capability-mode
Parameter Values
| api-version | The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions. |
| site-id | The ID of the site that contains the workbook. |
| workbook-id | The ID of the workbook to remove the permission for. |
| group-id | The ID of the group to remove the permission for. |
| user-id | The ID of the user to remove the permission for. |
| capability-name |
The capability to remove the permission for. Valid capabilities for a workbook are AddComment, ChangeHierarchy, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read (view), ShareView, ViewComments, ViewUnderlyingData, WebAuthoring, and Write. For more information, see Permissions. |
| capability-mode | Allow to remove the allow permission, or Deny to remove the deny permission. This value is case sensitive. |
Request Body
None
Permissions
Tableau Server users who are not server administrators or site administrators can delete permissions from a workbook only if they have ChangePermissions permission for workbook (either explicitly or implicitly).
Response Code
204
Response Body
None
Version
Version 2.0 and later. For more information, see REST API and Resource Versions.
Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 400 | 400009 | Invalid capability | The capability in the URI is invalid for a workbook resource. Valid capabilities for a workbook are AddComment, ChangeHierarchy, ChangePermissions, Delete, ExportData, ExportImage, ExportXml, Filter, Read, Share_view, ViewComments, ViewUnderlyingData, WebAuthoring, and Write. |
| 403 | 403004 | Permissions setting forbidden | A non-administrator user called this method but doesn't have permission to delete permissions from the workbook. |
| 404 | 404000 | Site not found | The site ID in the URI doesn't correspond to an existing site. |
| 404 | 404002 | User not found | The user ID in the URI doesn't correspond to an existing user. |
| 404 | 404006 | Workbook not found | The workbook ID in the URI doesn't correspond to an existing workbook. |
| 404 | 404012 | Group not found | The group ID in the URI doesn't correspond to an existing group. |
| 404 | 404013 | Capability not found | The capability in the URI doesn't correspond to a defined capability. This can apply to either an invalid capability name or a capability other than Allow or Deny at the end of the URI. |
| 404 | 404013 | Capability not assigned | The capability in the URI is not assigned to the specified user or group with the specified mode (Allow or Deny). |
| 405 | 405000 | Invalid request method | Request type was not DELETE. |
For more information, see Handling Errors.
Query Data Source Permissions
Returns a list of permissions for a specific data source.
URI
GET /api/api-version/sites/site-id/datasources/datasource-id/permissions
Parameter Values
| api-version | The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions. |
| site-id | The ID of the site that contains the data source. |
| datasource-id | The ID of the data source to get permissions for. |
Request Body
None
Permissions
Tableau Server users who are not server administrators or site administrators can view a data source only if they have Read (view) permission for the data source (either explicitly or implicitly).
Response Code
200
Response Body
<tsResponse>
<permissions>
<parent type="Project" id="project-id"
<datasource id="datasource-id"
owner="owner-user-id" />
<granteeCapabilities>
<user id="user-id" />
<capabilities>
<capability name="capability-name" mode="capability-mode" />
... additional capabilities ...
</capabilities>
</granteeCapabilities>
<granteeCapabilities>
<group id="group-id" />
<capabilities>
<capability name="capability" mode="capability-mode" />
... additional capabilities ...
</capabilities>
</granteeCapabilities>
... additional grantee capability sets ...
</permissions>
</tsResponse>
Note: The parent element is included in the response only if the workbook's permissions are determined by project-level default permissions and project permissions are locked. Project permissions can be locked for a new project when you call Create Project or for an existing project by calling Update Project. For more information, see Lock Content Permissions to the Project(Link opens in a new window).
Version
Version 2.0 and later. For more information, see REST API and Resource Versions.
Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 404 | 404000 | Site not found | The site ID in the URI doesn't correspond to an existing site. |
| 404 | 404004 | Data source not found | The data source ID in the URI doesn't correspond to an existing data source. |
| 405 | 405000 | Invalid request method | Request type was not GET. |
For more information, see Handling Errors.
Example
curl "http://MY-SERVER/api/3.12/sites/9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d/datasources/1a2a3b4b-5c6c-7d8d-9e0e-1f2f3a4a5b6b/permissions" -X GET -H "X-Tableau-Auth:12ab34cd56ef78ab90cd12ef34ab56cd"
Example response:
<tsResponse version-and-namespace-settings>
<parent type="Project" id="1f2f3e4e-5d6d-7c8c-9b0b-1a2a3f4f5e6e" />
<permissions>
<datasource id="1a2a3b4b-5c6c-7d8d-9e0e-1f2f3a4a5b6b" name="USPS-rates">
<owner id="9f9e9d9c-8b8a-8f8e-7d7c-7b7a6f6d6e6d"/>
</datasource>
<granteeCapabilities>
<group id="1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d" />
<capabilities>
<capability name="Connect" mode="Allow"/>
<capability name="Read" mode="Allow"/>
</capabilities>
</granteeCapabilities>
</permissions>
</tsResponse>Query Default Permissions
Returns details of default permission capabilities granted to users and groups for metric, flow, workbook and data source resources in a project.
URI
GET /api/api-version/sites/site-id/projects/project-id/default-permissions/datasources
GET /api/api-version/sites/site-id/projects/project-id/default-permissions/workbooks
GET /api/api-version/sites/site-id/projects/project-id/default-permissions/flows
GET /api/api-version/sites/site-id/projects/project-id/default-permissions/metrics
Parameter Values
| api-version | The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions. |
| site-id | The ID of the site that contains the project. |
| project-id | The project to get default permissions for. |
Request Body
None
Permissions
Tableau Server users who are not server administrators can query default permissions for a project only if they have the ProjectLeader permission for that project (either explicitly or implicitly).
Response Code
200
Response Body
<tsResponse>
<permissions>
<project id="project-id" name="project-name" />
<granteeCapabilities>
<user id="user-id" />
<capabilities>
<capability name="capability" mode="capability-mode" />
<capability name="capability" mode="capability-mode" />
<... additional capabilities ...>
</capabilities>
</granteeCapabilities>
<... additional grantee capabilities ...>
</permissions>
</tsResponse>
Version
Version 2.1 and later. For more information, see REST API and Resource Versions.
Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 403 | 403035 | Querying data source permissions forbidden | The caller doesn't have permissions to query the project's default permissions for data sources. |
| 403 | 403036 | Querying workbook permissions forbidden | The caller doesn't have permissions to query the project's default permissions for workbooks. |
| 403 | 403035 | Querying flow permissions forbidden | The caller doesn't have permissions to query the project's default permissions for flows. |
| 404 | 404000 | Site not found | The site ID in the URI doesn't correspond to an existing site. |
| 404 | 404005 | Project not found | The project ID in the URI doesn't correspond to an existing project. |
| 405 | 405000 | Invalid request method | Request type was not GET. |
For more information, see Handling Errors.
Query Project Permissions
Returns information about the set of permissions allowed or denied for groups and users in a project.
URI
GET /api/api-version/sites/site-id/projects/project-id/permissions
Parameter Values
| api-version | The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions. |
| site-id | The ID of the site that contains the project. |
| project-id | The project to get permissions for. |
Request Body
None
Permissions
This method can only be called by server administrators and site administrators.
Response Code
200
Response Body
<tsResponse>
<permissions>
<project id="project-id" name="project-name" />
<granteeCapabilities>
<user id="user-id" />
<capabilities>
<capability name="capability" mode="capability-mode" />
<capability name="capability" mode="capability-mode" />
... additional capabilities ...
</capabilities>
</granteeCapabilities>
<granteeCapabilities>
<group id="group-id" />
<capabilities>
<capability name="capability" mode="capability-mode" />
... additional capabilities ...
</capabilities>
</granteeCapabilities>
... additional grantee capabilities ...
</permissions>
</tsResponse>
Version
Version 2.0 and later. For more information, see REST API and Resource Versions.
Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 404 | 404000 | Site not found | The site ID in the URI doesn't correspond to an existing site. |
| 404 | 404005 | Project not found | The project ID in the URI doesn't correspond to an existing project. |
| 405 | 405000 | Invalid request method | Request type was not GET. |
For more information, see Handling Errors.
Example
curl "http://MY-SERVER/api/3.12/sites/9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d/projects/1f2f3e4e-5d6d-7c8c-9b0b-1a2a3f4f5e6e/permissions" -X GET -H "X-Tableau-Auth:12ab34cd56ef78ab90cd12ef34ab56cd"
Example response:
<tsResponse version-and-namespace-settings>
<permissions>
<project id="1f2f3e4e-5d6d-7c8c-9b0b-1a2a3f4f5e6e" name="default">
<owner id="9f9e9d9c-8b8a-8f8e-7d7c-7b7a6f6d6e6d"/>
</project>
<granteeCapabilities>
<group id="1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d"/>
<capabilities>
<capability name="Read" mode="Allow"/>
<capability name="Write" mode="Allow"/>
</capabilities>
</granteeCapabilities>
</permissions>
</tsResponse>Query View Permissions
Returns a list of permissions for the specific view.
URI
GET /api/api-version/sites/site-id/views/view-id/permissions
Parameter Values
| api-version | The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions. |
| site-id | The ID of the site that contains the view. |
| view-id | The ID of the view to get permissions for. |
Request Body
None
Permissions
This method can only be called by server and site administrators, and users who have Read (view) permission for the specific view.
Response Code
200
Response Body
<tsResponse>
<parent type="Project" id="project-id" />
<permissions>
<view id="view-id"/>
<owner id="owner-id"/>
</view>
<granteeCapabilities>
<user id="user-id"/>
<capabilities>
<capability name="capability-name" mode="capability-mode"/>
<capability name="capability-name" mode="capability-mode"/>
... additional capabilities ...
</capabilities>
</granteeCapabilities>
<granteeCapabilities>
<user id="user-id"/>
<capabilities>
<capability name="capability-name" mode="capability-mode"/>
<capability name="capability-name" mode="capability-mode"/>
... additional capabilities ...
</capabilities>
</granteeCapabilities>
<granteeCapabilities>
<group id="group-id"/>
<capabilities>
<capability name="capability-name" mode="capability-mode"/>
... additional capabilities ...
</capabilities>
</granteeCapabilities>
</permissions>
</tsResponse>
Note: The parent element is included in the response only if the view's permissions are determined by project-level default permissions and project permissions are locked. Project permissions can be locked for a new project when you call Create Project or for an existing project by calling Update Project. For more information, see Lock Content Permissions to the Project(Link opens in a new window).
Version
Version 3.2 and later. For more information, see REST API and Resource Versions.
Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 403 | 403004 | Permissions setting forbidden | A non-administrator user called this method but doesn't have permission to set permissions on the view. |
| 404 | 404000 | Site not found | The site ID or URL namespace in the URI doesn't correspond to an existing site. |
| 404 | 404011 | View not found | The view ID in the URI doesn't correspond to an existing view. |
| 405 | 405000 | Invalid request method | Request type was not GET. |
For more information, see Handling Errors.
Example
curl "http://MY-SERVER/api/3.12/sites/9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d/views/0524c7ce-250b-45b1-adf2-d08f1648643c/permissions" -X GET -H "X-Tableau-Auth:12ab34cd56ef78ab90cd12ef34ab56cd"
Example response:
<tsResponse>
<permissions>
<view id="0524c7ce-250b-45b1-adf2-d08f1648643c"/>
<owner id="1a5dffe8-2439-4862-9eb0-46d055ef7379"/>
</view>
<granteeCapabilities>
<group id="9e617a5c-a733-11e8-8ec3-b748ab3bf3d6"/>
<capabilities>
<capability name="ViewComments" mode=mode="Allow"/>
<capability name="ExportData" mode=mode="Allow"/>
<capability name="AddComment" mode=mode="Allow"/>
<capability name="Filter" mode=mode="Allow"/>
<capability name="ViewUnderlyingData" mode=mode="Allow"/>
<capability name="Read" mode=mode="Allow"/>
<capability name="ShareView" mode=mode="Allow"/>
<capability name="ExportImage" mode=mode="Allow"/>
</capabilities>
</granteeCapabilities>
<granteeCapabilities>
<user id="1a5dffe8-2439-4862-9eb0-46d055ef7379"/>
<capabilities>
<capability name="ExportImage" mode=mode="Allow"/>
<capability name="AddComment" mode=mode="Allow"/>
</capabilities>
</granteeCapabilities>
<granteeCapabilities>
<user id="ff43cb47-f208-4d2f-9a22-0fbb6d29f7f1"/>
<capabilities>
<capability name="AddComment" mode=mode="Allow"/>
</capabilities>
</granteeCapabilities>
</permissions>
</tsResponse>Query Workbook Permissions
Returns a list of permissions for the specific workbook.
URI
GET /api/api-version/sites/site-id/workbooks/workbook-id/permissions
Parameter Values
| api-version | The version of the API to use, such as 3.12. For more information, see REST API and Resource Versions. |
| site-id | The ID of the site that contains the workbook. |
| workbook-id | The ID of the workbook to get permissions for. |
Request Body
None
Permissions
This method can only be called by server administrators and site administrators.
Response Code
200
Response Body
<tsResponse>
<parent type="Project" id="project-id" />
<permissions>
<workbook id="workbook-id" name="workbook-name >
<owner="owner-user-id" />
</workbook>
<granteeCapabilities>
<user id="user-id" />
<capabilities>
<capability name="capability" mode="capability-mode" />
... additional capabilities for users ...
</capabilities>
</granteeCapabilities>
<granteeCapabilities>
<group id="group-id" />
<capabilities>
<capability name="capability" mode="capability-mode" />
... additional capabilities for groups ...
</capabilities>
</granteeCapabilities>
... additional grantee capability sets ...
</permissions>
</tsResponse>
Note: The parent element is included in the response only if the workbook's permissions are determined by project-level default permissions and project permissions are locked. Project permissions can be locked for a new project when you call Create Project or for an existing project by calling Update Project. For more information, see Lock Content Permissions to the Project(Link opens in a new window).
Version
Version 2.0 and later. For more information, see REST API and Resource Versions.
Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 404 | 404000 | Site not found | The site ID in the URI doesn't correspond to an existing site. |
| 404 | 404006 | Workbook not found | The workbook ID in the URI doesn't correspond to an existing workbook. |
| 405 | 405000 | Invalid request method | Request type was not GET. |
For more information, see Handling Errors.
Example
curl "http://MY-SERVER/api/3.12/sites/9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d/workbooks/1a1b1c1d-2e2f-2a2b-3c3d-3e3f4a4b4c4d/permissions" -X GET -H "X-Tableau-Auth:12ab34cd56ef78ab90cd12ef34ab56cd"
Example response:
<tsResponse version-and-namespace-settings>
<parent type="Project" id="1f2f3e4e-5d6d-7c8c-9b0b-1a2a3f4f5e6e" />
<permissions>
<workbook id="1a1b1c1d-2e2f-2a2b-3c3d-3e3f4a4b4c4d" name="Finance">
<owner id="9f9e9d9c-8b8a-8f8e-7d7c-7b7a6f6d6e6d"/>
</workbook>
<granteeCapabilities>
<group id="1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d"/>
<capabilities>
<capability name="Read" mode="Allow"/>
<capability name="Filter" mode="Allow"/>
<capability name="ViewUnderlyingData" mode="Allow"/>
<capability name="ExportImage" mode="Allow"/>
<capability name="ExportData" mode="Allow"/>
<capability name="AddComment" mode="Allow"/>
<capability name="ViewComments" mode="Allow"/>
<capability name="ShareView" mode="Allow"/>
</capabilities>
</granteeCapabilities>
</permissions>
</tsResponse>