This serial is about the Tableau server and Tableau Cloud security. Tableau has a Platform Security white paper that covers Authentication, Authorization, Data Security and Network Security. It is a good documentation, however I find that it is hard to explain to non-tech audiences about those security components. Instead, I created the following security model and found that regular audiences got those very easily:
Let me double click for each of the areas, it will be something like those below:
- Infrastructure: covers network, SSO, InfoSec, server OS, etc.
- Tableau App Configuration: This is application level, in other words, Tableau server or site or Cloud level. Some of those things are configurable. The rest of blogs will talk about each of those areas with intent to maximize the security.
- External user site/server
- Site Segmentation
- User Visibilities
- User provisioning
- Encryption
- Extension
- Explain Data
- Sensitive Lineage Data
- ConnectedApp
- Mobile Security
- Token
- Guest Account
- Tableau Governance layer: A possible thin layer of governance processes or/and scripts to further enhance the Tableau server security. Those are more advanced work and need Tableau server Postgre readonly user. I am not sure how to apply those to Cloud yet.
- User deletion
- Project setup
- ‘All User’ permissions
- Delete inactive content
- Re-subscription
- PII data deletion or flag
- Sensitive data protection
- Publish and Permission: Those are content owner’s responsibilities. No matter how good Tableau server or Cloud is configured, content owns can still mess up the data & content security. Business self-service content owners have to follow departmental data access guidances and grant access permissions accordingly. Those are covered in my other blogs and I do not plan to explain more here :
- Workbook Permission
- Project Permission Locking
- Row Level Security
- Sensitive Data Tagging
- PII
Check out next blog TABLEAU SERVER AND CLOUD SECURITY (2/10): EXTERNAL SITE