My previous posts, TABLEAU SERVER AND CLOUD SECURITY (9/10): PII and DETECT AND DELETE PII DATA ON TABLEAU SERVER, covered PII detection and deletion scripts: why and how.
There is another type of concern: compartmented secret information, such as future products or trade secrets, getting out of hand on Tableau Server. How do you protect that type of data?
Here is what I did on my Tableau server to protect trade secrets:
Scripts compare Tableau permissions with the trade secrets reference database and send automatic email alerts to the content owner if a discrepancy is found.
For example: if the trade secrets reference database says that only 3 people are disclosed for the dataset, while the Tableau workbook gives permissions to 2 additional users, an alert email is sent out.
Let me explain a few key components involved:
1. Trade secrets reference database
This is the single source of truth about who is allowed to access what secret data. It lives outside Tableau. Our Tableau scripts just access this dataset.
2. Linkage between the Tableau workbook (or datasource) and the above trade secrets reference database
Unfortunately there is no such linkage, as there is no way to scan the data to tell, which is why we have to ask the content owner to tag the workbook, datasource or project with a specific Trade Secrets code (like ABC-1234). So it is more like a self-declaration process.
3. How to find out who has permission to which dashboard?
Using API and SQL to call Tableau's lineage tables and permission tables to figure out who has effective permissions for the tagged Trade Secret content.
4. Compare the permission differences and send out alerts
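Components 3 and 4 as an added example, not the scripts described in this post: it takes tagged content with its effective users, compares each against the reference list for its code, and builds the alert email for the owner. The input shapes, the tag pattern (modelled on ABC-1234), the names and addresses, and the choice to flag a code missing from the reference database are all assumptions.

```python
import re
from email.message import EmailMessage

# Assumed tag shape, modelled on the post's "ABC-1234" example.
CODE_RE = re.compile(r"^[A-Z]{3}-\d{4}$")

# Constructed sample data. In practice REFERENCE comes from the trade secrets
# reference database and CONTENT from Tableau tags plus effective permissions.
REFERENCE = {"ABC-1234": {"alice", "bob", "carol"}}
CONTENT = [
    {"name": "Roadmap", "owner": "alice@example.com", "tags": ["finance", "ABC-1234"],
     "users": ["Alice", "bob", "carol", "dave", "erin"]},
    {"name": "Pricing", "owner": "bob@example.com", "tags": ["XYZ-9999"],
     "users": ["bob"]},
    {"name": "Sales", "owner": "carol@example.com", "tags": ["sales"],
     "users": ["frank"]},
]


def find_discrepancies(content, reference):
    """Return one finding per tagged item whose permissions exceed the disclosure list."""
    findings = []
    for item in content:
        users = {u.strip().lower() for u in item["users"]}
        for code in filter(CODE_RE.match, item["tags"]):
            disclosed = reference.get(code)
            if disclosed is None:
                # Assumption: a code absent from the reference database clears nobody.
                extra, reason = users, "unknown code"
            else:
                extra, reason = users - {d.lower() for d in disclosed}, "not disclosed"
            if extra:
                findings.append({"name": item["name"], "owner": item["owner"],
                                 "code": code, "reason": reason, "extra": sorted(extra)})
    return findings


def build_alert(finding, sender="tableau-audit@example.com"):
    """Build (not send) the alert email for the content owner."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, finding["owner"]
    msg["Subject"] = f"Trade secret {finding['code']}: permission discrepancy on {finding['name']}"
    msg.set_content(f"Users with access but {finding['reason']}: {', '.join(finding['extra'])}")
    return msg


if __name__ == "__main__":
    for f in find_discrepancies(CONTENT, REFERENCE):
        print(build_alert(f))
```

Content without a code-shaped tag is never checked, which is the limit of a self-declaration process: untagged secret content stays invisible to this comparison.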
This concludes this series of TABLEAU SERVER AND CLOUD SECURITY:
- TABLEAU SERVER AND CLOUD SECURITY (1/10): Overview
- TABLEAU SERVER AND CLOUD SECURITY (2/10): External Site
- TABLEAU SERVER AND CLOUD SECURITY (3/10): External Server
- TABLEAU SERVER AND CLOUD SECURITY (4/10): Extension
- TABLEAU SERVER AND CLOUD SECURITY (5/10): Explain Data & Data Story
- TABLEAU SERVER AND CLOUD SECURITY (6/10): Content Owner Left Company
- TABLEAU SERVER AND CLOUD SECURITY (7/10): All Users Group
- TABLEAU SERVER AND CLOUD SECURITY (8/10): Large Group
- TABLEAU SERVER AND CLOUD SECURITY (9/10): PII
- TABLEAU SERVER AND CLOUD SECURITY (10/10): Trade Secrets