Tableau Enterprise

TABLEAU SERVER AND CLOUD SECURITY (9/10): PII

Leave a comment

Is Personal Identifiable Information (PII) data Ok on Tableau server? Yes and no, depends on your organization policy:

  • Does your org have PII policy and classifications?
  • Do you allow PII data on your server or Cloud site? 
  • How to identify Tableau workbooks using PII?
  • How to govern PII on Tableau server?

In my organization, we clarify PII into High Sensitive PII (like SSN, Payment card#) and Sensitive PII (Like drive license, email etc.). High Sensitive PII can’t be on Tableau server as this type of data either should not be stored at all or has to have field level encryption.

Tableau server has Encryption at Rest as well as Transmission (https://). However Tableau server does not support field level encryption, which is why High Sensitive PII data can’t be on Tableau server.

How to ensure High Sensitive PII data not on Tableau server?

My answer again is the ‘after the fact’ governance – scripts to detect any High Sensitive PII data and delete if found.

example of PII deletion notification to content owner

High level workflow is as following:

It has a few parts:

1. Detect PII

  • If data source – database table and columns have PII calcification, the best way is to access the datasource calcification, then use Tableau lineage data to find all Tableau content associated with PII.
  • If data source has no PII clarification at all, we use PII Taxonomy to identify PII (if column name matches with PII Taxonomy), it is likely a PII.

2. Owner confirmation

For PII Taxonomy match, since it is an educated guess, we will ask content owner confirmation before content deletion – if content owner confirms as High Sensitive PII, the scripts will delete marked content.

3. Content Deletion

The workbook or data source deletion will happen if content owner confirms that the detected content is High Sensitive PII

4. PII Tag, No download control etc

If it is not High Sensitive PII, content is Ok to be published on Tableau server.

  • Optionally, we have additional logic to remove any download permissions so no server users can download the data (except the owner since we have no way to remove content owner’s download permission – anyway there is no need to control content owner at all).
  • We also tag workbooks with PII. However Tableau server tags are loosely controlled as tags have no permission controls.
  • For a period of time, we also leveraged out-of-box sensitive data high alert to have pop-up for all PII content. However user feedback is too much extra clicks, and this feature was removed later on.

A few technical implementation details or tips:

  • We use Tableau Prep flows for most of the detect, deletion logic, see details below:
  • Run ‘tsm maintenance metadata-services enable’, catalog data available for Readonly Postgre user without Data Management Add-on!!!!

  • Be aware : Tableau lineage not getting 100% custom SQL lineage

Conclusion: PII detection and deletion is possible on Tableau server as advanced server security governance. So far we deleted more than one hundred workbooks from server.

Leave a Reply