Verify Folder Permissions
The account the Tableau Server service runs under is referred to as the Run As service account. The Run As service account needs permission to specific folder resources on the Windows computer.
This topic provides:
- An accounting of the permissions that are required by the Run As service account.
- Information about installing Tableau Server in non-default locations.
- How to reapply permissions on an existing Run As service account using TSM.
This topic refers to the drive where Windows is installed as the system drive. The system drive is equivalent to the Windows environmental variable, %WINDIR%
. The drive where Tableau Server is installed is referred to as the install drive.
Resource | System or install drive | File Path | Permissions required |
---|---|---|---|
folder | system | SYSTEMROOT:\windows\system32
|
Read, List folder contents |
executable | system | SYSTEMROOT:\windows\system32\cmd.exe
|
Read & execute |
Drive root | install | root, for example, Local Disk (C:) |
Read, List folder contents |
folder | install | PROGRAMFILES\Tableau\Tableau Server
|
Modify |
folder | install (on system drive) | \ProgramData\Tableau\Tableau Server\
|
Modify |
folder | install (on non-system drive) | \Tableau\Tableau Server\data\
|
Modify |
When you update the Run As service account in TSM, a background process will configure the folder permissions on the Tableau computer for the Run As service account that you specify.
In this case, where you are installing on the system drive into the default folder (C:\Program Files\Tableau), the configuration of folder permissions will be handled by TSM. You do not need to verify or change any folder permissions for this scenario. If you install Tableau Server onto a different drive, you will need to manually configure some permissions.
Installing in a non-default location
If you are installing Tableau Server in a non-default location on a different drive, then you will need to configure permissions on the installation folder for Run As service account as well as the predefined local accounts: Network Service, Local Service, and System.
The following table describes the permissions that are applied if you install Tableau Server in a non-default location. All of these permissions are set on the installation folder, and are inherited by the subfolders and files in the installation folder. These permissions are configured by the Tableau Setup program and are also reconfigured whenever you upgrade Tableau Server to a new version. Changing permissions on these folders may impair functionality.
For more information about different accounts used by Tableau Server, see Windows Accounts and Permissions.
Set permissions for this account: | Permissions required |
---|---|
The user account that is used to install and upgrade Tableau Server | Full control |
The user account that is used to run TSM commands | Full control |
System account | Full control |
Run As service account, Network Service, and Local Service | Read & execute |
Reapplying folder permissions
In some organizations, Group Policy or other system management solutions are used to standardize permissions and accounts on application servers. If your organization runs a such a solution, be sure to configure the system to accommodate the folder permissions required by the Run As service account. If the folder permissions for the Run As service account have been changed, you can use TSM to reapply the permissions. See Changing an existing domain Run As service account to a different account.