Impersonation Requirements

Here’s what you need to use feature:

  • Live connections to SQL Server only: Impersonation can only be used for views that have a live connection to a SQL Server database, version 2005 or newer.

  • Individual database accounts: Each person who’ll be accessing the view must have an explicit, individual account in the SQL Server database to which the view connects. Members of an Active Directory (AD) group cannot be impersonated. For example, if Jane Smith is a member of the AD group Sales, and her database administrator adds the Sales AD group to the SQL Server database, Jane cannot be impersonated.

  • Matching credentials and authentication type: The credentials of each Tableau user's account and their Tableau user authentication type must match their credentials and authentication type in the SQL Server database. For example, if Jane Smith’s Tableau Server user account is MyCo\jsmith, the username on the SQL Server database must also be MyCo\jsmith. SQL Server must be using Windows Integrated Authentication.

  • SQL Server prerequisites: In SQL Server you should have a data security table, a view that enforces data security, and you should require that your database users use the view.

  • SQL IMPERSONATE account: You need a SQL Server database account that has IMPERSONATE permission for the above database users. This is either an account with the sysadmin role or one that has been granted IMPERSONATE permission for each individual user account (see the MSDN article on EXECUTE AS). The SQL Server account must be one of the following:

Thanks for your feedback!