Set Permissions as You Publish a Data Source or Workbook

As the publisher of a workbook or data source, you can set permissions as part of the publishing process. Permissions allow or deny other users access to your published content on Tableau Server or Tableau Online. For example, who can interact with views in a workbook, edit them, or save changes to them, who can download a copy of a data source, and so on.

Permissions are separate from the type of access you set on the connection to the data. Accessing some data types requires signing in using a database name and password or embedding database credentials into the connection. For information about that, see Set Credentials for Accessing Your Published Data.

Back to permissions, with few exceptions, your best choice will be to accept the default settings in the publishing dialog box. If you agree, you can return to the Comprehensive Steps to Publish a Workbook, and save some time not reading the rest of this topic.

The remaining sections give context and tips for when you think your workbook or data source might be an exception to the default settings, and shows you how to change the permissions.

About setting permissions during publishing

When you start the publishing process, the dialog box shows the permissions that will be applied. By default, the content you publish takes the capabilities that are already set on the server, typically as they’re set on the project you are publishing to.

As content owner, you can set permissions when you publish

When you change permissions in the publishing dialog box, you are setting capabilities explicitly for the content you’re publishing. The effect is that the workbook or data source you publish no longer inherits changes made at its parent level, such as the project. Depending on your environment, this might be as you intend, or it might conflict with the guidelines your administrator has set and have unintended consequences.

Tips for deciding whether to set permissions explicitly

  • Learn your organization’s practices

    Consult with your Tableau administrator to learn the guidelines for your organization. It’s common (and recommended) practice for an administrator to manage permissions on your Tableau Server or Online site. If you work in such an environment, even if you set permissions during publishing, the person who manages permissions on the server might change these settings afterward.

  • Know the consequences of setting explicit permissions

    In addition to the potential conflicts described earlier, explicit permissions on some content requires extra maintenance to keep track of which content has exceptions, and which exceptions are applied.

  • Publish quickly by accepting the default permissions settings

    If necessary, you or your administrator can update permissions on the server afterward, where you have a more comprehensive view into the effects of your changes.

How to set explicit permissions during publishing

  1. In the publishing dialog box, next to the summary that indicates the current settings, click Edit.

    Edit permissions during publishing

  2. In the popup that appears, do one of the following:

    • To set custom capabilities or assign a role explicitly, select an existing user or group and click Edit, or click Add.

      In the Add/Edit Permissions dialog box, make your changes.

      Click Apply to save changes and keep the dialog box open to configure another user or group. Click OK to close the dialog box.

      Select capabilities or a role explicitly

    • To remove roles or capabilities that are set explicitly, select the user or group, and then click Remove.

Predefined roles you can assign

When you publish a workbook, you can assign any of the following predefined roles to a selected user or group:

  • Viewer: Allows the user or group to view the workbook on the server, as well as add and view comments.

  • Interactor: Allows the user or group to view the workbook on the server, edit workbook views, apply filters, view underlying data, export images, and export data. All other capabilities are inherited from the user’s group and project permissions.

  • Editor: Allows all capabilities to the user or group.

When you publish a data source, you can select from these roles:

  • Data Source Connector: Allows the user or group to connect to the data source on the server.

  • Data Source Editor: Allows the user or group to connect to the data source on the server and to publish, edit, download, delete, set permissions, and schedule refreshes for the data source.

    Note: If you are not the content owner or an administrator, you cannot schedule refreshes directly on the server.

Thanks for your feedback! There was an error submitting your feedback. Try again or send us a message.