Security in the Cloud
Tableau understands that data is among the most strategic and important assets an organization has. We put the highest priority on maintaining the security and privacy of our customers’ data. Tableau enterprise-level security features manage operational security, user security, application security, network security, and data security.
To learn more, see the following resources on Tableau's website (https://www.tableau.com):
Tableau Online Security in the Cloud white paper.
If you sign in to Tableau Online using TableauID credentials, you can use them also to sign in to the Tableau website.
The Tableau Online infrastructure is hosted in a SAS-70 compliant data center that provides numerous controls and safeguards over customer data.
Your data is your own, even when stored in Tableau Online. Only your authorized users have access to data or workbooks stored in Tableau Online—Tableau employees and other Tableau customers do not.
Tableau does have access to and may monitor metrics that have to do with system utilization, account status, and performance.
The only people who have access to your site and content are the users that your site’s administrators have explicitly added to your site. If a user is no longer authorized in your system, simply remove that person’s user account to revoke access to Tableau Online and your content stored there.
Tableau Online enforces an idle session timeout of 2 hours. This means that users will need to re-authenticate after not using Tableau Online for a period of 2 hours. The idle session timeout value is a system setting that cannot be modified.
A user’s TableauID is based on the user’s email address, and it provides unified, secure authentication to Tableau Online, the Tableau website, the Tableau Customer/Partner Portal, and the Tableau community forums.
Some of the security features of TableauID are:
User sign-in is secured by HTTPS.
The password policy enforces strong passwords.
Accounts are locked for a period of time after repeated unsuccessful sign-in attempts.
Accounts are validated by user email to prove identity.
Passwords are stored using cryptographic protection, and no Tableau employee or contractor has access to plain-text passwords.
If you enable SAML support on your site, users sign in with their single sign-on credentials, managed with a third-party identity provider.
Roles and Permissions
A role is a set of permissions that is applied to a project, workbook, view, or data source to manage user interaction. A wide range of specific permissions is available for each asset: view, create, edit, modify, delete, and more.
All communication between users and Tableau Online is encrypted using SSL for secure transmission of data. Tableau Online supports TLS 1.2 and higher. For more information about TLS support, see the Tableau Community post. A variety of encryption techniques ensure security from browser to server tier to repository and back. In addition, Tableau has many built-in security mechanisms to help prevent spoofing, hijacking, and SQL injection attacks, and it actively tests and responds to new threats with monthly updates.
The Tableau Online environment is hosted in a multi-tenant configuration providing separation of users, data, and metadata across customers.
Tableau Online eliminates the need to implement VPNs or tunnels into your corporate environment. Many data sources can be captured as extracts and then refreshed on a regular basis. To use automatic refreshes, you need to embed credentials in the connection information for the data source. For Google and Salesforce.com data sources, you can embed credentials in the form of OAuth 2.0 access tokens.
You can define additional security in your workbooks and data sources by adding user and data source filters. Tableau also provides a User Filter capability that can enable row-level data security using the user name, group, or full name of the current user. User filters allow you to set a filter on your data based on the identity of the person viewing the data. For example, the Western Sales Director could see results for sales in the West but not for other regions. You set user filters when you publish workbooks and data sources from Tableau Desktop.
Tableau Online is structured so that customers control where their data is stored. New customers can select their preferred region – currently either North America or Europe – when setting up their Tableau Online site. If needed, existing customers can migrate their data to a different region through the site migration process. Please direct site migration requests and questions about the migration process to Tableau Technical Support.
There are three site locations for Tableau Online: US West, US East, and EU West. Customer data is hosted and backed up in the selected region on a regular basis. You can verify your site location by logging in to Tableau Online and noting the host name at the beginning of the URL. For example, URLs beginning with 10ay indicate US West and URLs beginning with dub01 or eu-west-1a indicate EU West. For the list of Tableau Online host names and site locations, see Keep Data Fresh.
User Filtering (Tableau Help)