Data Governance in Tableau Next
Tableau Next follows the data governance permissions and policies defined in . Access to data in is controlled first by data spaces, then by policies. Permission sets grant access to data spaces. Policies allow or deny access to data at an object, field, or record level.
Required Editions
View supported editions.
Learn About Data Governance
Review these concepts before implementing data governance.
Know Your Audience
When planning your implementation, determine what data your Tableau Next users will need to access. Work with your Salesforce Administrator and your Data Cloud Architect to create and assign the custom permissions and permission sets and implement the data tags and policies you'll need.
Governance Basics
Data access is built in layers.
- Permissions
- Permissions grant access to data spaces. This foundational layer ensures that only users with assigned permissions can access a data space and its contents.
- Policies
- Policies allow and deny access to objects, fields, and records within data spaces. Policies are created by choosing whether the policy allows or denies access, selecting the target data (objects, fields, or records), and identifying a group of users by defining criteria based on custom permissions or user attributes. A deny policy will override an allow policy.
For example, a user who is allowed to see the Payment object can see all the fields on Payment. If a deny policy is applied to the Credit Card field on the Payment object, that user won't be able to see the Credit Card field or its contents.
- Sharing
- Sharing an asset within Tableau Next allows another user to view or edit it but doesn't override the permissions and policies that apply to that user.
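The layering described above can be modeled in a few lines. The following is an added example, not Salesforce or Tableau Next code: a simplified evaluator for object and field targets only, using the Payment and Credit Card case from the text. The data space name, custom permission names, users, and the rule that access needs a matching allow policy once Allow All is disabled are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class User:
    name: str
    data_spaces: frozenset   # data spaces granted through permission sets
    custom_perms: frozenset  # custom permissions used as policy criteria

@dataclass(frozen=True)
class Policy:
    effect: str              # "allow" or "deny"
    data_space: str
    obj: str
    field: Optional[str]     # None targets the whole object
    criterion: str           # custom permission that selects the users

    def applies(self, user, data_space, obj, field):
        return (self.data_space == data_space and self.obj == obj
                and self.field in (None, field)
                and self.criterion in user.custom_perms)

def can_read(user, policies, data_space, obj, field=None):
    # Layer 1: without permission to the data space, nothing in it is reachable.
    if data_space not in user.data_spaces:
        return False
    hits = [p for p in policies if p.applies(user, data_space, obj, field)]
    # Layer 2: a deny policy overrides an allow policy.
    if any(p.effect == "deny" for p in hits):
        return False
    # Assumption: Allow All is disabled, so access needs a matching allow policy.
    return any(p.effect == "allow" for p in hits)

def visible_fields(user, policies, data_space, obj, fields):
    return [f for f in fields if can_read(user, policies, data_space, obj, f)]

# Constructed sample data (all names are hypothetical).
FIELDS = ["Amount", "CreditCard", "Status"]
POLICIES = [
    Policy("allow", "Finance", "Payment", None, "PaymentsViewer"),
    Policy("deny", "Finance", "Payment", "CreditCard", "NoCardData"),
]
ANALYST = User("analyst", frozenset({"Finance"}), frozenset({"PaymentsViewer", "NoCardData"}))
AUDITOR = User("auditor", frozenset({"Finance"}), frozenset({"PaymentsViewer"}))
OUTSIDER = User("outsider", frozenset(), frozenset({"PaymentsViewer"}))

if __name__ == "__main__":
    for u in (ANALYST, AUDITOR, OUTSIDER):
        print(u.name, visible_fields(u, POLICIES, "Finance", "Payment", FIELDS))
```

The outsider case is the one worth checking in a real rollout: a matching allow policy grants nothing if the permission set never granted the data space.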
Governance Concepts
Familiarize yourself with data governance terminology.
- Attribute-Based Access Control (ABAC)
- Allows or denies access to data based on attributes of the user, the data, or the environment.
- Allow All Policy
- On by default in , this policy allows access to all objects in a data space for all users. An admin needs to disable this policy before creating granular governance controls.
- Data Tagging
- Labels attached to data assets (objects, fields, and records) that can be used in policies to control access to the tagged asset.
- Field-Level Security (FLS)
- Controls access to specific fields on objects within data spaces.
- Object-Level Security (OLS)
- Controls access to objects within data spaces.
- Record-Level Security (RLS)
- Controls access to individual records in an object. RLS can be expanded with joins to other data sources, such as Manager, Role, and Territory hierarchies, to manage access based on other criteria, like vertical reporting chains, horizontal roles, or regional associations.
- Role-Based Access Control (RBAC)
- Defined as part of a permission set and controls which data spaces and which objects and fields within those data spaces users can access.
- Users with View All Records or Modify All Records and Deny Policies
- A user with one of these powerful permissions can see object and field metadata, even if a deny policy restricts their access to the data in that object or field. This allows them to interact with the objects and fields in semantic models, visualizations, metrics, and other places without seeing the contents.
User Experience
A Tableau Next user will see only data assets they have been granted access to through permissions and policies in and have sharing access to in Tableau Next. If a user doesn’t have access to a data asset, it won’t appear in semantic models, visualizations, metrics, or other areas of the Tableau Next interface.

