Automation – Remove any permissions for All Users group

Tableau Server has a built-in All Users group in each site. As the name says, it consists of all users. It can be useful when you need to share content with all users. However, we found that the All Users group is a really bad feature for a large enterprise server: it is too easy for content owners to unintentionally grant permissions to the All Users group, since it always shows at the top of the user & group list when granting permissions. The impact can be huge when a sensitive dashboard is mistakenly shared with All Users.

How to fix this problem? I tried many things, and what works is automatically removing any permissions granted to the All Users group. Before I share more about how to do this, let me explain what other options I explored and why they did not work:

  • Can you delete the All Users group? A server admin can't delete it from the server UI, but I found a way to delete it from the Postgres database directly (you will need a R/W user/password). The problem is that every user lost his or her permissions after the All Users group was deleted. It appears to me that Tableau uses All Users for its internal permission processing.
  • Can you rename the All Users group? A server admin can't rename the All Users group from the server UI either, but again you can rename it from the Postgres database directly (you will need a R/W user/password) to something like ZZ_All Users group. Unfortunately it still shows at the top even after it is renamed to ZZ_All Users.

How to make sure nobody uses the All Users group? Unfortunately I can't find any other option but to delete any possible 'wrong' permissions after the fact. It actually works well.

How to query All Users group permissions? Please see the key joins of the Postgres tables. Then set the filter to All Users permissions.

You need to join next_gen_permissions with identities, which is a custom SQL:

(select 'User' as Type, users.id as id, system_users.name as name
from users
join system_users on users.system_user_id=system_users.id
UNION
select 'Group' as Type, id, name from groups)

The objects table is another custom SQL:

(select 'Workbook' as Type, id, name, site_id from workbooks
UNION
select 'View' as Type, id, name, site_id from views
UNION
select 'Project' as Type, id, name, site_id from projects)

You can find the workbook @ Unused groups share.twb

You can use Python or Java or whatever your preferred scripting tool is. Running it daily would be good enough.
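The joins described above, combined into one query and run from Python against a constructed in-memory SQLite copy of the tables (an added example, not the author's script or workbook). The next_gen_permissions column names (authorizable_type, authorizable_id, grantee_type, grantee_id) and all sample rows are assumptions; the sample includes a user who is merely named "All Users" and a user whose id equals the group's id, neither of which should be flagged.

```python
import sqlite3

# Constructed miniature of the repository tables, for illustration only.
# The next_gen_permissions column names are assumptions, not from the page.
SCHEMA = """
CREATE TABLE system_users (id INTEGER, name TEXT);
CREATE TABLE users (id INTEGER, system_user_id INTEGER);
CREATE TABLE "groups" (id INTEGER, name TEXT);
CREATE TABLE workbooks (id INTEGER, name TEXT, site_id INTEGER);
CREATE TABLE views (id INTEGER, name TEXT, site_id INTEGER);
CREATE TABLE projects (id INTEGER, name TEXT, site_id INTEGER);
CREATE TABLE next_gen_permissions (id INTEGER, authorizable_type TEXT,
    authorizable_id INTEGER, grantee_type TEXT, grantee_id INTEGER);
INSERT INTO system_users VALUES (10, 'alice'), (11, 'All Users');
INSERT INTO users VALUES (1, 10), (2, 11);
INSERT INTO "groups" VALUES (1, 'All Users'), (2, 'Finance');
INSERT INTO workbooks VALUES (5, 'Payroll', 1);
INSERT INTO views VALUES (5, 'Payroll by Dept', 1);
INSERT INTO projects VALUES (5, 'HR', 1);
INSERT INTO next_gen_permissions VALUES
  (100, 'Workbook', 5, 'Group', 1),  -- All Users on a workbook: flag
  (101, 'Project',  5, 'Group', 2),  -- Finance group: leave alone
  (102, 'View',     5, 'User',  1),  -- user id 1, not group id 1
  (103, 'View',     5, 'Group', 1),  -- All Users on a view: flag
  (104, 'Workbook', 5, 'User',  2);  -- a user named All Users, not the group
"""

QUERY = """
WITH identities AS (
  SELECT 'User' AS type, users.id AS id, system_users.name AS name
  FROM users JOIN system_users ON users.system_user_id = system_users.id
  UNION SELECT 'Group' AS type, id, name FROM "groups"
), objects AS (
  SELECT 'Workbook' AS type, id, name, site_id FROM workbooks
  UNION SELECT 'View' AS type, id, name, site_id FROM views
  UNION SELECT 'Project' AS type, id, name, site_id FROM projects
)
SELECT p.id, o.type, o.name, o.site_id FROM next_gen_permissions p
JOIN identities i ON i.type = p.grantee_type AND i.id = p.grantee_id
JOIN objects o ON o.type = p.authorizable_type AND o.id = p.authorizable_id
WHERE i.type = 'Group' AND i.name = 'All Users' ORDER BY p.id
"""

def find_all_users_grants(conn=None):
    """Return (permission id, object type, object name, site id) rows."""
    if conn is None:  # no connection given: use the constructed sample data
        conn = sqlite3.connect(":memory:")
        conn.executescript(SCHEMA)
    return conn.execute(QUERY).fetchall()
```

Joining on both type and id matters because users and groups, and workbooks, views and projects, each have their own id sequences, so the same number can refer to different things.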

BTW, this is NOT a Tableau-supported approach; you use it at your own risk.

2 thoughts on “Automation – Remove any permissions for All Users group”

  1. I have a query: is there a way to prioritize extract schedules over manual runs schedule on Tableau Server?
