Data Governance in Tableau Semantics
Data governance in Tableau Semantics ensures that you see and work with only the authorized data. Governance combines dataspace permissions with Data 360 security policies. These policies determine who can view semantic models and what data is available during model design and when running queries in Tableau.
Dataspace Permissions
You must have permission to access the dataspace where a semantic model resides. Without this access, the model doesn’t appear. Dataspace permissions form the foundation of governance in Tableau Semantics, establishing which models are visible before additional security policies are applied.
Policy Layers: ABAC, OLS, FLS, and RLS
After a model is visible, Data 360 security policies control access to the underlying data. These policies include Attribute-Based Access Control (ABAC), Object-Level Security (OLS), Field-Level Security (FLS), and Record-Level Security (RLS).
- ABAC determines your access to a semantic model. If you don’t have access to fields or objects in a semantic model, you can view or extend the semantic model, but you can’t edit it.
- OLS determines which objects in the dataspace you can access. If you’re denied access to a required object, the object is hidden, and the semantic model can be viewed or extended (but not edited), indicated by a lock icon next to the model name. Restricted objects can't be viewed, edited, or queried.
- FLS works similarly for individual fields within objects. If a required field is restricted, it’s completely removed from your view and can’t be used in design or queries. Like with OLS, if any required field is inaccessible, the semantic model can only be viewed or extended. Restricted fields can't be viewed, edited, or queried.
- RLS operates at the record level, filtering data dynamically based on criteria, such as organizational hierarchies, roles, or territories.
Deny policies always override allow policies. If you don’t have access to any required object or field because of OLS or FLS, ABAC prevents you from editing the semantic model directly. This behavior protects sensitive data at both the design and the query stages.
Administrative Access
Admins with high-level permissions such as View All Records or Modify All Records have broader visibility. They can open semantic models and see the full metadata, including objects and fields that are normally restricted. Admins can also share the model even if they aren't the owner.
If the admins also have Modify All Records permission, they can manage models even when normal policies block editing. However, queries sometimes return limited results or fail if the requested data uses fields or objects they don't have access to, is filtered by RLS, or is blocked by a deny policy.
Sharing and Collaboration
Semantic models can be shared with other users through access roles: Viewer, Editor, and Owner.
- Viewers can open the model and interact with it but can’t make changes.
- Editors can modify the model.
- Owners have full control: they can edit the model, manage access by sharing it with other users, and delete the semantic model. Ownership can’t be transferred.
With sharing, you can open a model even if you wouldn’t otherwise see it in the catalog, but it doesn’t override Data 360 security policies. You can open the model, but ABAC, OLS, FLS, and RLS still determine which objects, fields, and records you can access. For example, if you are an Editor, you can extend but not edit a model if an OLS policy blocks access to a required object. In the extended model, you don’t have access to objects or fields blocked by OLS or FLS. Certain functionality of the semantic model may be blocked, such as creating relationships to a restricted object.
In Tableau Semantics, sharing is primarily a collaboration feature. Actual data governance remains strictly enforced by dataspace permissions and security policies.
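A simplified model of how a sharing role combines with the OLS and FLS results described above, as an added example rather than Salesforce or Tableau code. The policy tuples, object and field names, and function names are constructed for illustration; treating a missing allow policy as no access is an assumption, and RLS and admin permissions are left out.

```python
# Constructed policy tuples: (effect, target). A target is an object name
# ("Account") or "Object.Field" ("Account.Revenue"). Hypothetical format,
# not a Data 360 policy definition.
POLICIES = [
    ("allow", "Account"),
    ("allow", "Account.Name"),
    ("allow", "Account.Revenue"),
    ("deny", "Account.Revenue"),      # FLS deny wins over the allow above
    ("allow", "Opportunity"),
    ("allow", "Opportunity.Amount"),
]

def permitted(target, policies):
    """Deny overrides allow. Assumption: no matching allow means no access."""
    effects = {effect for effect, t in policies if t == target}
    return "allow" in effects and "deny" not in effects

def accessible(target, policies):
    """A field needs its own (FLS) and its parent object's (OLS) permission."""
    obj = target.split(".", 1)[0]
    return permitted(obj, policies) and permitted(target, policies)

def effective_access(role, required, policies):
    """Combine a sharing role with OLS/FLS results for one semantic model.

    role: "Viewer", "Editor" or "Owner" (the access roles named on this page).
    required: the objects and fields the model depends on.
    """
    usable = {t for t in required if accessible(t, policies)}
    hidden = set(required) - usable
    # Sharing grants the role, but any blocked required item removes edit,
    # leaving the model view-or-extend only.
    can_edit = role in ("Editor", "Owner") and not hidden
    return {"can_edit": can_edit,
            "usable": sorted(usable),
            "hidden": sorted(hidden)}

if __name__ == "__main__":
    account_model = ["Account", "Account.Name", "Account.Revenue"]
    pipeline_model = ["Opportunity", "Opportunity.Amount"]
    print(effective_access("Editor", account_model, POLICIES))
    print(effective_access("Editor", pipeline_model, POLICIES))
    print(effective_access("Viewer", pipeline_model, POLICIES))
```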
End-To-End Protection
Together, dataspace permissions, ABAC, OLS, FLS, and RLS provide layered protection for semantic models. This structure ensures that sensitive data remains secure throughout the entire lifecycle, from model creation to query execution, without relying on sharing or collaboration features to manage access.

