welcome [tc18.tableau.com] · data security database user & service account | content...
TRANSCRIPT
![Page 1: Welcome [tc18.tableau.com] · Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST](https://reader034.vdocument.in/reader034/viewer/2022050104/5f4309ee9af6a64eeb33202d/html5/thumbnails/1.jpg)
![Page 2: Welcome [tc18.tableau.com] · Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST](https://reader034.vdocument.in/reader034/viewer/2022050104/5f4309ee9af6a64eeb33202d/html5/thumbnails/2.jpg)
Welcome
![Page 3: Welcome [tc18.tableau.com] · Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST](https://reader034.vdocument.in/reader034/viewer/2022050104/5f4309ee9af6a64eeb33202d/html5/thumbnails/3.jpg)
Data level security with Tableau Desktop
Douglas ChopeSales Consultant
Tableau – SLED
(571) 338 9728
# T C 1 8
![Page 4: Welcome [tc18.tableau.com] · Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST](https://reader034.vdocument.in/reader034/viewer/2022050104/5f4309ee9af6a64eeb33202d/html5/thumbnails/4.jpg)
• Douglas Chope: [email protected]
I have spent much time thinking about security – hence the grey hair. I look forward to
an ongoing dialogue on best practices safeguarding your
data in Tableau.
![Page 5: Welcome [tc18.tableau.com] · Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST](https://reader034.vdocument.in/reader034/viewer/2022050104/5f4309ee9af6a64eeb33202d/html5/thumbnails/5.jpg)
Agenda
• Data Security & The Three Other Tenets Of Security
• Tableau Desktop Centric Approaches• Hybrid Live Connection & Extract • Hybrid DBMS – Tableau Row Level Security• Row Level Security with Tableau 2018.3• Aggregation, Blurring, Recoding, Redacting
• Tableau Server• Published Data Sources• Data Authentication
![Page 6: Welcome [tc18.tableau.com] · Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST](https://reader034.vdocument.in/reader034/viewer/2022050104/5f4309ee9af6a64eeb33202d/html5/thumbnails/6.jpg)
Authentication LOCAL | ACTIVE DIRECTORY | SAML/KERBEROS/OPENID | TRUSTED TICKETS
Authorization SITE ROLE | DEFAULT & CUSTOM PERMISSIONS | INHERTITANCE & OVERRIDE
Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY
Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST MODEL
Compliance SARBANES-OXLEY | SOC 2 REPORT | EU-US PRIVACY SHIELD
Security & Compliance
Leverage existing technology standards to securely manage the platform
![Page 7: Welcome [tc18.tableau.com] · Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST](https://reader034.vdocument.in/reader034/viewer/2022050104/5f4309ee9af6a64eeb33202d/html5/thumbnails/7.jpg)
Data level security with Tableau Desktop
Thank You For AttendingPlease Reach Out Anytime To Collaborate On Best Practices
Douglas Chope
Sales Consultant
Tableau
(571) 338 9728
![Page 8: Welcome [tc18.tableau.com] · Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST](https://reader034.vdocument.in/reader034/viewer/2022050104/5f4309ee9af6a64eeb33202d/html5/thumbnails/8.jpg)
RELATED SESSIONS
Tuesday, October 23Implementing Tableau Server Security10:45am – 11:45pm | MCCNO – L2 - 240
Tuesday, October 23Big Easy Data Security 4:00 – 5:00pm | MCCNO – L2 - 297
Thursday, October 25Tableau Server Security in Depth 4:00 – 5:00pm | MCCNO – L3 - 351
![Page 9: Welcome [tc18.tableau.com] · Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST](https://reader034.vdocument.in/reader034/viewer/2022050104/5f4309ee9af6a64eeb33202d/html5/thumbnails/9.jpg)
Please complete the
session survey from the My
Evaluations menu
in your TC18 app
![Page 10: Welcome [tc18.tableau.com] · Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST](https://reader034.vdocument.in/reader034/viewer/2022050104/5f4309ee9af6a64eeb33202d/html5/thumbnails/10.jpg)
Core Requirements: Internal Data Collaboration & Public Reporting
Core Requirement Tableau Approach
Restrict PII data Live Connection &
Extract
Prevent the possibility of identifying
individuals within aggregated data
Business Rule Logic in
Calculated Fields
Personalize data to individuals by role Row Level Security
Data Collaboration & Transparency Tableau Server
![Page 11: Welcome [tc18.tableau.com] · Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST](https://reader034.vdocument.in/reader034/viewer/2022050104/5f4309ee9af6a64eeb33202d/html5/thumbnails/11.jpg)
Risk: Identifying Individuals Within Aggregated Data --- The Small N Problem
Source: Data Quality Campaign: Understanding Minimum N-Size and Student Data Privacy: A Guide for Advocates June 2017 (pg 2)
![Page 12: Welcome [tc18.tableau.com] · Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST](https://reader034.vdocument.in/reader034/viewer/2022050104/5f4309ee9af6a64eeb33202d/html5/thumbnails/12.jpg)
Demo: Data Recoding & BlurringReporting %, Range Bins, Rounding, Aggregating
![Page 13: Welcome [tc18.tableau.com] · Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST](https://reader034.vdocument.in/reader034/viewer/2022050104/5f4309ee9af6a64eeb33202d/html5/thumbnails/13.jpg)
Demo – Use of Sets To Suppress Data
![Page 14: Welcome [tc18.tableau.com] · Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST](https://reader034.vdocument.in/reader034/viewer/2022050104/5f4309ee9af6a64eeb33202d/html5/thumbnails/14.jpg)
Demo – Suppress All Cells In A Row If Any Of The Cell Values Are Below The Minimum Threshold
![Page 15: Welcome [tc18.tableau.com] · Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST](https://reader034.vdocument.in/reader034/viewer/2022050104/5f4309ee9af6a64eeb33202d/html5/thumbnails/15.jpg)
Row Level Security Options
Source: Russ Goldin Tableau Sales Consultant; Tableau Stories v2.0
![Page 16: Welcome [tc18.tableau.com] · Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST](https://reader034.vdocument.in/reader034/viewer/2022050104/5f4309ee9af6a64eeb33202d/html5/thumbnails/16.jpg)
Data Row-Level Security: 3 Options
1. Completely managed by database - AUTOMATED
1. Must use Live connections
2. All end users must exist in database
3. End users log in as themselves to the database
2. Hybrid which leverages a user security table in the database, criteria enforced in the “WHERE” clause in Tableau - AUTOMATED
1. Live or Extract
2. Leverage Data Server
3. Use Data Source Filters
1. username()=[user column from security table]
2. Calculated field based on username()
3. Filter is always enforced in “WHERE” clause but transparent to end userKnowledge base article
3. Completely managed in Tableau - MANUAL
1. Live or Extract
2. User Filters built and applied per workbook or datasource
Be
st P
ract
ices
![Page 17: Welcome [tc18.tableau.com] · Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST](https://reader034.vdocument.in/reader034/viewer/2022050104/5f4309ee9af6a64eeb33202d/html5/thumbnails/17.jpg)
Do you have an EDW?
Yes?
Do you already have DB credentials for each user?
Yes?
Option #1
No?
Do you have a security mapping table?
Yes?
Option #2
No?
Option #3
No?
Row Level Security: Decision Tree
![Page 18: Welcome [tc18.tableau.com] · Data Security DATABASE USER & SERVICE ACCOUNT | CONTENT PERMISSIONS | TDE BINARY Network Security CLIENT-SERVER SSL | DATABASE DRIVERS | STRINGENT TRUST](https://reader034.vdocument.in/reader034/viewer/2022050104/5f4309ee9af6a64eeb33202d/html5/thumbnails/18.jpg)
In Conclusion - Best Practices
• Leverage the Power of Tableau Desktop to Aggregate, generalize, mask and redact data
• Follow Tableau guidance such as outlined in the Security Hardening Checklist
• Apply all applicable data security in Tableau AND the Database
• Dynamically leverage Live Connections for sensitive data in combination with Extracts for less sensitive data
• Restrict individual users from specific data rows and columns based on a field (role and/or username)
• Published Data Sources, Data Server and the governance of Tableau Server