Impersonate with a Run As Service Account

Impersonating via a Run As service account is the recommended way to perform impersonation. The Run As service account is an Active Directory user account the Tableau Server service can run under on the machine hosting Tableau Server (see Run As Service Account). This same account must have IMPERSONATE permission for the database user accounts in SQL Server. From a data security standpoint, using the Tableau Server Run As service account for impersonation gives the administrator the most control.

To set up impersonation with a Run As User account:

  1. When you configure Tableau Server during installation, select Active Directory as the identity store and specify the user account with IMPERSONATE permission as the Run As service account. See Configure Initial Node Settings.

    If you installed Tableau Server with the identity store configured to use Active Directory, then you can set the Run As service account after you have installed. See Change the Run As Service Account.

  2. Create a workbook in Tableau Desktop. When you create the data connection, select Use Windows NT Integrated security for the workbook's live connection to a SQL Server database:

  3. In Tableau Desktop, publish the workbook to Tableau Server (Server > Publish Workbook).

  4. In the Publish dialog box, click Authentication, then in the Authentication dialog box, select Impersonate via server Run As account from the drop-down list:

  5. Click OK.

  6. Test the connection by signing into Tableau Server as a user. When you click a view, you should not be prompted for database credentials and you should only see the data the user is authorised to see.

Thanks for your feedback!Your feedback has been successfully submitted. Thank you!