Tableau understands that data is among the most strategic and important assets an organization has. We put the highest priority on maintaining the security and privacy of our customers’ data. Tableau enterprise-level security features manage operational security, user security, application security, network security, and data security.
To learn more, see the following resources on Tableau's website (https://www.tableau.com(Link opens in a new window)):
If you sign in to Tableau Online using TableauID credentials, you can use them also to sign in to the Tableau website.
The Tableau Online infrastructure is hosted in a SAS-70 compliant data center that provides numerous controls and safeguards over customer data.
Your data is your own, even when stored in Tableau Online. Only your authorized users have access to data or workbooks stored in Tableau Online—Tableau employees and other Tableau customers do not.
Tableau does have access to and may monitor metrics that have to do with system utilization, account status, and performance.
The only people who have access to your site and content are the users that your site’s administrators have explicitly added to your site. If a user is no longer authorized in your system, simply remove that person’s user account to revoke access to Tableau Online and your content stored there.
Tableau Online enforces an idle session timeout of 2 hours. This means that users will need to re-authenticate after not using Tableau Online for a period of 2 hours. The idle session timeout value is a system setting that cannot be modified.
Your Tableau Account provides secure, unified authentication to Tableau’s website and services.
Some of the security features of Tableau Accounts are:
User sign-in is secured by HTTPS.
Accounts are locked for a period of time after repeated unsuccessful sign-in attempts.
Accounts are validated by user email to prove identity.
Passwords are stored using cryptographic protection. Tableau employees and contractor do not have access to plain-text passwords.
Multi-factor authentication (MFA) can be enabled for accounts that use Tableau authentication (TableauID).
Tableau Online site administrators have the option of using your organization’s identity provider for added control and convenience of users. For more information, see Authentication.
Roles and Permissions
A role is a set of permissions that is applied to a project, workbook, view, or data source to manage user interaction. A wide range of specific permissions is available for each asset: view, create, edit, modify, delete, and more.
All communication between users and Tableau Online is encrypted using SSL for secure transmission of data. Tableau Online supports TLS 1.2 and higher. For more information about TLS support, see the Tableau Knowledge Base(Link opens in a new window). A variety of encryption techniques ensure security from browser to server tier to repository and back. In addition, Tableau has many built-in security mechanisms to help prevent spoofing, hijacking, and SQL injection attacks, and it actively tests and responds to new threats with monthly updates.
The Tableau Online environment is hosted in a multi-tenant configuration providing separation of users, data, and metadata across customers.
Tableau Online eliminates the need to implement VPNs or tunnels into your corporate environment. Many data sources can be captured as extracts and then refreshed on a regular basis. To use automatic refreshes, you need to embed credentials in the connection information for the data source. For Google and Salesforce.com data sources, you can embed credentials in the form of OAuth 2.0 access tokens.
You can define additional security in your workbooks and data sources by adding user and data source filters. Tableau also provides a User Filter capability that can enable row-level data security using the user name, group, or full name of the current user. User filters allow you to set a filter on your data based on the identity of the person viewing the data. For example, the Western Sales Director could see results for sales in the West but not for other regions. You set user filters when you publish workbooks and data sources from Tableau Desktop.
For information on the alternatives you can use to implement row-level security in Tableau, see an Overview of Row-Level Security Options in Tableau.
Tableau Online is hosted on Amazon Web Services (AWS) and is structured so that you can choose the region where your site, and its data, is stored. As a new customer, you can select one of the following regions during the site setup process:
If needed, you can migrate your existing site to a different region through the site migration process. To request this type of change, contact Tableau Support(Link opens in a new window).
Your site is backed up in the selected region on a regular basis. You can verify your site location by signing in to Tableau Online, noting the host name at the beginning of the URL, and then comparing it to the Site Location column in Tableau Online IP addresses for data provider authorization. For example, URLs that begin with 10ax, 10ay, 10az, us-west-2b correspond to the US West - Oregon region. Data corresponding to a site in the US-West Oregon region is stored and backed up in Oregon.
- To request a new site, fill out this web form(Link opens in a new window).
- For more information about the Tableau Online maintenance schedule, see Tableau Online System Maintenance.
User Filtering(Link opens in a new window) (Tableau Help)