Tableau Row Level Security

DataSelf Web Browser (Tableau Embedded Server) can embed row-level security into a data source. The data that the User sees on a report is pre-filtered according to that User's DataSelf Web Browser login name. This allows a publisher to create a single master report, but every User sees only the records appropriate to that user.

Tutorial on Setting Row Level Security

The Tutorial on Setting Row Level Security uses the example of setting row-level security for Sales reports by salesperson.

The concept:

On selected TDS extract filters, create a filter calculation, like SalespersonFilter, to let users see only the data where the salesperson’s email is equal to their Tableau user login (which is their email address).

UNLESS they are a member of the Data Unlimited Access group.

Security at All Levels

Security Tool

Security Type

Description & Capabilities


User name & Password

Changes to load and refresh features

SQL Data warehouse

User name & Password

Access to data warehouse, view creation, data modification

Tableau Data Source

Row Level Security

Controls who can see each individual row in a particular Tableau data source, such as Sales Invoice.

Tableau Data Source

Column Level Security

Controls who can see each column(dimension/measure) in a particular Tableau data source, such as Cost of Goods Sold or Gross Profit.

Tableau Group Permissions

Group Membership

Groups can be used to control permissions for large areas of the business, datasources, workbooks, and can also be incorporated into the Row Level Security.

Tableau User Permissions

Individual Permissions

Individual permissions can be used as exceptions to group permissions, but will not overwrite row or column level security.

Tableau User Role

Role Assignment

User roles like "Site Admin", "Explorer", "Viewer", and "Unlicensed" can overwrite group/user permissions, work with them, limit them, or revoke them completely, respectively. 

Tableau Server Login

User name & Password

First line of login defense.