How to Use Column Level Security in Tableau
Introduction:
In the previous post, some techniques were explained to implement row level security in Tableau. In some scenarios, column level security is necessary, for example, in case of hospital data where the physician is allowed to see all the data for patients, the nurse may have restricted access just to only certain columns for those patients. As Tableau does not allow column level security, some possible workarounds are mentioned in this post to incorporate column level security.
How to Achieve Column Level Security:
1) Filter columns at the source
A user function, ismemberof(), can be used to implement column level security filters in Tableau. At first, several groups are created on server (or cloud) and members are assigned to this group. Permissions can be assigned to those groups for accessing appropriate data.
Suppose we want to hide the column named “Tax Rate”, then from the Tableau desktop, create a calculated field as shown below. The desired “B” group will only contain those members having access to this column.
Next, hide the original column in Tableau and create a dashboard just using this new field instead.
Finally publish this dashboard to Tableau Server (or Tableau Cloud).
A demonstration is shown below that a user belonging to group B can view the data, however another user from a different group cannot view anything.
This technique is difficult for scaling as it requires time consuming manual efforts such as creating and maintaining multiple groups and multiple calculated fields. It is best suitable in case of just a few columns. Caution is needed while choosing the new column’s name, because although the restricted users cannot see its contents, they can still be able to see the column name as it appears in their data pane.
2) Creating multiple dataset and dashboard instances
By creating multiple subsets of the source data, it is possible to create data connections on an ad-hoc basis. Those data subsets can have limited columns (or rows) for targeting specific user groups. A Tableau developer can then create dashboards just by using such data subsets.
For a data administrator, it is easy to create and manage several subsets of the source data, because the data delivery can be automated via the ETL process. However, for a Tableau developer this may not be an ideal scenario, because it involves additional time and effort for preparing and managing the new content and handling multiple versions of the same dashboards.
3) Impersonation when accessing the database
Some databases such as Microsoft SQL Server can be configured with security level based on user permissions. When connecting to such databases from Tableau, the data connection can be set-up with “impersonation.”
To enable securitylevel , the data source is published on Tableau server with the admin credentials, and any user who can access the published data source in Tableau Server will access it through the impersonation option which will automatically restrict the columns based on user permissions.
Summary:
There are several ways to achieve column level security. Tableau developers can assess their situation and implement the best possible scenario.