Permissions Data Source
Permissions contains the effective permissions for all users and content on the site. Administrators can use the data source to identify gaps in permissions security and ensure that only the appropriate users can access content items.
Note: Site roles determine the maximum capabilities a user can have. For example, a Viewer can’t web edit, even if they’re allowed in a user or group rule. Based on the order that permissions are evaluated, users may have different capabilities than listed in the data source. For more information, see Effective permissions.
Create custom views
If you're a site admin or someone who has been granted access to the Admin Insights project, you can access the Admin Insights data sources directly from Tableau Cloud using Web Authoring or through Tableau Desktop to build custom views. For more information about connecting to Admin Insights data sources, see Use Admin Insights to Create Custom Views.
Example: Which users and groups have access to content?
Use the following steps to create a view that displays which users and groups have access to content.
-
Connect to the Permissions data source.
-
From the Data pane, drag Item Type, Item Name, Item Parent Project Name, and Controlling Permissions Project Name to the Rows shelf. This creates a hierarchical view of your site content and shows how permissions are determined, for example, if permissions are set at the project level or on individual pieces of content.
-
From the Data pane, drag Grantee Name and Grantee Type to the Rows shelf. Adding these dimensions shows the users and groups with access to the content.
-
From the Data pane, drag Capability Type to the Rows shelf. The capabilities for users and groups are displayed.
Do more with your data
Using Tableau Prep, you can join Permissions with other Admin Insights data sources on the following fields to get more visibility into your site. If you're analyzing data from multiple Tableau Cloud sites, you must also join on "Site LUID = Site LUID".
-
Join Site Content to Permissions on "Item LUID = Item LUID" (left join)
-
Join Permissions to TS Users on "User LUID = User LUID"
-
Join Permissions to Groups on "Grantee LUID = Group LUID" (right join)
Tip: To streamline analysis, delete the All Users group rule or edit the rule to remove permissions.
For more information, see Aggregate, Join, or Union Data(Link opens in a new window) in Tableau Prep Help.
Data schema
The following table lists the fields included in the Permissions data source. Each row of data corresponds to a combination of user, content item, and permission capability.
Folder | Field Name | Type | Description |
---|---|---|---|
Capabilities | Capability Type | String | The ability to perform a given action on the item. Options include view, filter, download, or delete and are unique to the item type. |
Permissions Description | String | A description of the permission value. | |
Permission Value | Number | A numerical representation of the effective permissions for a content asset. Lower values indicate precedence. For example, denying a capability to a group (8) is overridden by allowing that capability to a user in the group (7). | |
Grantees | Grantee LUID | String | The LUID of the grantee. Either the user LUID or Group LUID. Primarily used to reference content via the REST API. |
Grantee Name | String | The name of the grantee. Either the user email or group name. | |
Grantee Type | String | The type of the grantee. Either user or group. | |
Items | Controlling Permissions Project Name | String | The name of the project that controls permissions for the nested project. |
Item Hyperlink | String | Full URL to the item on the site. Useful for creating hyperlinks on a dashboard. | |
Item LUID | String | The LUID of the item. The LUID is unique within each item type and site. Primarily used to reference content via the REST API. | |
Item Name | String | Display name of the item. | |
Item Parent Project Name | String | The name of the item’s parent project. | |
Item Type | String | The type of content item. Such as a data source, prep flow, project, or workbook. | |
Top Parent Project Name | String | The name of the item’s top-level project. | |
Site | Site LUID | String | The LUID of the Tableau Cloud site. Primarily used to reference content via the REST API. |
Site Name | String | The name of the Tableau Cloud site. | |
- | Admin Insights Published At | Date-time | Date and time the Admin Insights data source was last published in UTC. |
User Email | String | The email address of the user with effective permission. | |
User LUID | String | The LUID of the user with effective permission. | |
User Site Role | String | The site role of the user. | |
Has Permission? | Calculated field | Tells you if the grantee is allowed access to an item. Does not take into account the Site Administrator capability. Site Administrators will have more permissions than captured by the calculation. |