It is not uncommon to share your Tableau dashboards to your vendor users or partner users, like vendor performance KPI data. To avoid surprises, it is better for vendors to know exactly how your company evaluates their specific business process metrics, Tableau can be a perfect tool for it. All it needs is to grant external user your Tableau server workbook permissions.
There are many more data security questions when your Tableau platform has external users. Do you need a peer review process when new data is shared to external users? How to avoid vendor A to see vendor B data? How to avoid silly mistakes to share internal data to external users? etc. Some of those are business process controls. And the big question we are trying to answer here is HOW TO SEGMENT INTERNAL VS EXTERNAL FROM PLATFORM LEVEL?
This setup is what I have in production:
- One External site for all vendors.
- All external users can only be provisioned to this external site.
- Site special config User Visibility as Limited.
Key benefits are :
- Avoid the mistake to share internal data to external since external users are NOT provisioned to any other places other than External site and only limited publishers.
- User Visibility = Limited prevents vendor A user to see vendor B user names. This is a great Tableau feature and it disables all the following automatically for Explorers and Viewers:
- Sharing
- Who has seen this view?
- Ask Data usage analytics
- Data-Driven Alerts
- Comments
- Public Custom Views
- Request Access
- Avoid a lot potential on-going maintenances comparing with one site per vendor approach.
- This setup works for both Tableau server and Tableau Cloud
Check out next blog for alternative solution if your org can’t have mixed internal and external users on one server at all.