Permission Capabilities and Templates
Permissions are made up of capabilities, or the ability to perform a given action on a piece of content, such as view, filter, download or delete. Each row in the Permission Rules area of the dialog is a permission rule. Permission rules are the setting for each capability (allowed, denied or unspecified) for the group or user in that row. Permission rules have templates available that make it easier to assign capabilities quickly. Permission rules can also be copied and pasted.
Note: In the permission dialog for projects, there are tabs for each content type (Projects, Workbooks, Data Sources and – if you have the Data Management Add-on – Data Roles and Flows). When a permission rule is added, the default for all capabilities across all content types is Unspecified. To allow or deny capabilities for each content type, you must go to each tab in turn. In the permission dialog for a specific piece of content, there are no tabs and the permission rules only apply to that piece of content.
Templates group sets of capabilities that are often assigned together based on common user scenarios, View, Explore, Publish and Administer. Assigning a template sets its included capabilities to Allowed, with the rest left as Unspecified. The templates are cumulative, so the Explore template includes everything from the View template plus additional capabilities. All content also has a template for None (which sets all capabilities to unspecified) and Denied (which sets all capabilities to denied).
Templates are meant to be a starting point and can be adjusted after they are applied. Capabilities can also be granted or denied without using a template at all. In both cases, the template column will then show Custom.
Copy and paste permissions
If there is a permission rule that needs to be assigned to multiple groups or users, you can copy and paste from one rule to another. You can’t copy from or paste onto a rule that involves Project Leader status.
- Open the action menu (...) for the existing rule you want to copy from and select Copy Permissions. This will only be available when the rule is not in edit mode.
- Select an existing rule you want to paste over. You can also create a new rule by clicking + Add Group/User Rule and selecting a group or user.
- Open the action menu (...) and select Paste Permissions.
Each content type has specific capabilities:
Projects only have two capabilities and two templates. Prior to 2020.1, Project Leader was treated as a permission capability rather than a setting. For more information about project leaders and how to assign them in 2020.1 and later, see Project administration.
View allows a user to see the project. If a user hasn’t been granted the view capability, the project won’t be visible to them. Granting the view capability for a project does not mean a user can see any content in the project, just the existence of the project itself.
Publish allows a user to publish content to the project from Tableau Desktop or Tableau Prep Builder. The publish capability is also required to move content into the project or save content to the project from web authoring. Prior to 2020.1, this capability was called Save.
View allows a user to see the workbook or view. If a user hasn’t been granted the view capability, the workbook won’t be visible to them.
Filter allows a user to interact with filters in the view, including keep only and exclude filters. Users lacking this capability won’t see filter controls in the view.
View Comments allows a user to view the comments associated with the views in a workbook.
Add Comments allows a user to add comments to views in a workbook.
Download Image/PDF allows a user to download each view as a PNG, PDF or PowerPoint.
Download Summary Data allows a user to view the aggregated data in a view, or in the marks they’ve selected, and download that data (as a CSV).
Share Customised allows a user to save customisations made to the view (such as filters and selections) as custom views. For users with a site role of Explorer or above, they can share these customisations, which makes them appear as options for other users. For more information, see Use Custom Views(Link opens in a new window).
Download Full Data allows a user to view the underlying data in a view, or in the marks they’ve selected, and download that data (as a CSV).
Web Edit allows a user to edit the view in a browser-based authoring environment.
- Note: Creating new content in the browser or saving views from the web edit interface requires a specific combination of capabilities. For more information, see Web Editing and Web Authoring.
- The Web Editing feature must also be enabled for the entire site or even users with this capability allowed won’t be able to web edit. For more information, see Set a Site's Web Authoring Access(Link opens in a new window).
Download Workbook/Save a Copy allows a user to download a packaged workbook (as a TWBX). Allows a user to save (publish) a copy from the web edit interface as a new workbook. Prior to 2020.1, this capability was called Download Workbook/Save As.
Overwrite allows a user to overwrite (save) the content asset on the server. Prior to 2020.1, this capability was called Save.
- When allowed, the user can re-publish a workbook, data source or flow, or save a workbook in web authoring, thereby becoming the owner and gaining access to all permissions. Subsequently, the original owner’s access to the workbook is determined by their permissions just like any other user.
Move allows a user to move workbooks between projects. For more information, see Move content.
Delete allows a user to delete the workbook.
Set Permissions allows a user to create permission rules for the workbook.
In a workbook that is not in a locked project and does not show sheets as tabs for navigation, views (sheets, dashboards, stories) inherit the workbook permissions at publication, but any changes to permission rules must be made on individual views. View capabilities are the same as those for workbooks, except for Overwrite, Download Workbook/Save a Copy and Move which are only available at the workbook level. We recommend showing navigational sheet tabs whenever possible so views continue to inherit their permissions from the workbook.
View allows a user to see the data source on the server
Connect allows a user to connect to a data source in Tableau Desktop, Tableau Prep Builder, Ask Data or web editing.
- If a workbook author embeds their credentials to a published data source in a published workbook, they are essentially embedding their Connect capability. Therefore, users can see the data in the workbook regardless of their own Connect capability for that data source. If the workbook author doesn’t embed their credentials to the published data source, the user needs their own Connect capability to the data source in order to consume the workbook. For more information, see Data access for published Tableau data sources.
- A user must have the Connect capability for a data source in order to use Ask Data. For more information, see Enable Ask Data for Sites and Data Sources.
Download Data Source allows a user to download the data source from the server (as a TDSX)
Overwrite allows a user to publish data sources to the server and overwrite data sources on the server. Prior to 2020.1, this capability was called Save.
Delete allows a user to delete the data source
Set Permissions allows a user to create and edit permission rules for the data source
Other content types
|View template||Explore template||Publish template||Administer template|
|Flows||View allows a user to view the flow.||Download flow allows a user to download the flow (as a TFLX).||
Run allows a user to run the flow.
Overwrite* allows a user to publish flows and overwrite published flows.
Move allows a user to move content between projects. For more information, see Move content.
Delete allows a user to delete the content.
Set Permissions allows a user to create permission rules for the content.
|Data Roles||View allows a user to view data roles.||n/a||Overwrite* allows a user to publish data roles and overwrite published data roles.|
|Metrics||View allows a user to view metrics.||n/a||Overwrite* allows a user to publish metrics and overwrite published metrics.|
*Prior to 2020.1, the Overwrite capability was called Save.