Tableau Row Level Security Per AD Group
- 1 What is Row Level Security Per AD Group?
- 2 Step 1 - Create your Active Directory (AD) Group
- 3 Step 2 - Request your AD Group be added to Tableau Server
- 4 Step 3 - Create your AD Group Security Assignments
- 5 Step 4 - Add your data source and your security assignments
- 6 Step 5 - Add your AD Group Membership Check
- 7 Step 6 - Filter your workbook for members only
- 8 Additional Notes
What is Row Level Security Per AD Group?
Row level security limits the rows seen by a user based on the AD group they are a member of and a set of criteria. Two AD groups will see the same fields but different counts based on their security assignments.
Step 1 - Create your Active Directory (AD) Group
Your local IT team can help you create an AD group.
BIA recommends using the following naming stucture
TeamName-Project-BI-Developer for the group of developers who will be building reports
TeamName-Project-BI-Consumer for the group of users who will be viewing or using the reports
To see existing AD groups and membership see https://ucsdcollab.atlassian.net/wiki/spaces/ACP/pages/11177701 .
Step 2 - Request your AD Group be added to Tableau Server
Email busintel@ucsd.edu to inquire if your AD group is already on the Tableau Server and also to request that your AD group be added to Tableau Server.
Step 3 - Create your AD Group Security Assignments
This can be an excel you upload into your workbook or a data source you connect your workbook to. At the very least, the security assignments must include (1) Active Directory Group Name and (2) key field that you want to assign.
Note: the AD Group Names must match in capitalization to the AD tool.
Example By Department:
Department Code | Department | AD Group | AD Group Purpose |
000254 | AQUARIUM-MUSEUM | All Users | Not an AD group - default Tableau group for all with Tableau access. |
002061 | COMMUNITY CARE CARDIOLOGY | All Users | Not an AD group - default Tableau group for all with Tableau access. |
000414 | BOOK STORE | EAH-Developers | Report Developers with access to EAH |
000601 | CELL & DEVELOPMENTAL BIOLOGY | SAH-Developers | Report Developers with access to SAH |
000152 | CNTR ENERGY RESEARCH | ACT_BI_ADMINISTRATOR | Old BIA AD Group |
000326 | CELLULAR & MOLECULAR MEDICINE | RA-BI-Developers | Report Developers with access to RAH |
The key field you use can be Department Code, Project Code, Financial Unit Code, Employee ID, Student ID, Building ID, etc…
Step 4 - Add your data source and your security assignments
You will be blending two data sources. Add your data source and your security assignments to your workbook.
Step 5 - Add your AD Group Membership Check
Add your key field from each data source to your display along with your AD Group field.
Create a calculated field to determine if the user is a member of the AD Group(s). Add to your display.
You should see results like this:
Step 6 - Filter your workbook for members only
Add your calculated field to the filters and filter for only True.
You must be a member of at least one AD Group in your Security Assignment data source in order to continue to see data.
Apply this filter to all worksheets you would like.
Additional Notes
You can create multiple Data Source Connection fields and filter on them as long as the key field is in both data sources.