Tableau Enterprise

TABLEAU SERVER AND CLOUD SECURITY (7/10): All Users group

Leave a comment

Tableau Cloud or server has one built-in user group : All Users. It is group available in any site.

All Users can be very connivence for content that can be shared to every Cloud or server user.

However in large organization, it likely ends up a lot excess permissions. I used to receive emails asking why he or she has access to a dashboard that the user has nothing to do with it. The user can’t tell if dashboard is shared to All Users as only content owner or project leaders can tell. This is where I realized that All Users group caused more problem than benefits for large org.

Something that I found when a publisher was not sure which group to use, he or she just used All Users group causing excess permission.

I last a few years, I tried many different ways to get rid of this All Users group. Unfortunately I have to give it up as I found that Tableau uses this built-in All Users for its own permission process.

Another thing that I do not like this group is that it always shows on the top of group list during permission process. Then I tried to rename All Users group to something like ZZ All Users (do not use) with intent to let this group show to the bottom of the group but failed as well.

Then I had to come with what I call : ‘After the fact’ governance approach:

Detect and delete All Users group used in any permission.

The Python scripts will delete any permission uses All Users group, and then send email alert to the content owner. The scripts is scheduled to run hourly to minimize potential excess permission issue. Below is how the alert looks like

What content we check? The scripts checks all type of content: workbook, data source, flow, project, virtual connection, Metrics, Data Role, Lense, etc

Here is how it works:

How to have exception for the above process?

You can add exception to some projects or content owner if you do have use cases where content needs to be shared to everyone on the server site.

Conclusion : This All Users group permissions detection and deletion is a good safe net to govern Tableau server security. This scripts helped me out in many security review process

Leave a Reply