Tableau Security Model
Agenda
• Introduction
• Authentication
• External Authentication
• Authorization
• Data Security
• Auditing and Monitoring
• Network Security
• Methods for Network Security
Introduction
• The Tableau Security Model is a set of mechanisms and features that are
used to protect data and resources on the Tableau Server platform. The
security model is composed of three main components:
(1) Authentication: This component of the security model is used to verify
the identity of users who are trying to access the Tableau Server platform.
(2) Authorization: This component of the security model is used to
determine what actions a user is allowed to perform on the Tableau
Server platform.
(3) Data Security: This component of the security model is used to protect
sensitive information and ensure compliance.
(4) Network Security: It helps to secure the communication between Tableau
Server and clients, as well as the data stored on Tableau Server.
Authentication
Authentication methods are as follows:
• Local authentication: This method uses the built-in user accounts and passwords in Tableau Server to authenticate
users.
• Active Directory: This method uses an existing Active Directory infrastructure to authenticate users.
• LDAP: This method uses Lightweight Directory Access Protocol (LDAP) servers, such as Microsoft Active Directory, to
authenticate users.
• External authentication providers: This method uses an external authentication provider, such as SAML, to authenticate
users.
External Authentication
Tableau Server can use external authentication providers to authenticate users. Examples are Active
Directory, LDAP, SAML, OAuth, and OpenID Connect.
The benefits of using external authentication providers are:
• Single sign-on
• Centralised identity management
• Scalability
• Compliance and auditing
• Integration
• Security
• Cloud-based support
Authorization
The role-based access control (RBAC) model is a method of controlling access to resources based on roles. Tableau Server
has five built-in roles that can be assigned:
• Server Administrator: This role has access to all of the features and settings in Tableau Server and can perform all
administrative tasks.
• Site Administrator: This role has access to all of the features and settings within a specific site and can perform site-level
tasks.
• Publisher: This role can create, edit, and publish workbooks and data sources, as well as create and manage projects and
schedules.
• Interactor: This role can view and interact with workbooks and data sources, but cannot publish them.
• Viewer: This role has the most limited access; it can only view workbooks and data sources.
Data Security
Tableau Server includes several data security features that help to ensure that sensitive data is protected and only accessible
to authorized users:
• Data source authentication
• Row-level security
• Data source filters
• Data extract and data connection security
• Secure communication
• Auditing and logging
• Data governance
Auditing and Monitoring
Tableau Server includes several auditing and monitoring features that allow organizations to track and monitor user activity,
resource usage, and system performance. These features include:
• Auditing
• User auditing
• Performance monitoring
• Alerts
• Health check
• Reports
• Logs
Network Security
Network security is a critical component of protecting Tableau Server and the sensitive data it holds, as it helps to ensure that
data transmitted between Tableau Server and clients is protected and that data stored on Tableau Server is secure.
The following are the best practices for securing the Tableau Server network:
• Enforce secure protocols and encryption for all network communication.
• Use a firewall to restrict access to Tableau Server to authorized IP addresses.
• Configure Tableau Server to use a trusted and secure certificate for HTTPS communication.
• Use a VPN to secure communication between Tableau Server and remote clients.
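The firewall practice above can be verified after the fact by comparing the source addresses in a front-end access log with the authorized networks. The following is an added example, not part of the original slides and not Tableau code; the allowed networks, the log layout and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumption: networks the firewall is meant to admit (constructed values).
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.0.2.0/28")]

# Constructed access-log lines in a generic "ip - user [time] request status"
# layout; this is not Tableau Server's own log format.
SAMPLE_LOG = """\
10.20.4.17 - alice [12/Mar/2024:09:01:11 +0000] "GET /views/Sales HTTP/1.1" 200
192.0.2.9 - bob [12/Mar/2024:09:02:40 +0000] "GET /views/Ops HTTP/1.1" 200
198.51.100.23 - - [12/Mar/2024:09:03:02 +0000] "POST /auth HTTP/1.1" 401
198.51.100.23 - - [12/Mar/2024:09:03:05 +0000] "POST /auth HTTP/1.1" 401
192.0.2.77 - carol [12/Mar/2024:09:04:19 +0000] "GET /views/HR HTTP/1.1" 200
not-an-ip - - [12/Mar/2024:09:05:00 +0000] "GET / HTTP/1.1" 400
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3}$')


def is_allowed(address, networks=ALLOWED_NETWORKS):
    """True when the address falls inside one of the allowed networks."""
    return any(address in net for net in networks if net.version == address.version)


def audit(log_text, networks=ALLOWED_NETWORKS):
    """Return (hits per out-of-policy source IP, lines that could not be parsed)."""
    outside, unparsed = Counter(), []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            unparsed.append(line)
            continue
        try:
            source = ipaddress.ip_address(match.group(1))
        except ValueError:
            unparsed.append(line)  # malformed source field: keep for manual review
            continue
        if not is_allowed(source, networks):
            outside[str(source)] += 1
    return outside, unparsed


if __name__ == "__main__":
    outside, unparsed = audit(SAMPLE_LOG)
    for ip, hits in outside.most_common():
        print(f"outside allowlist: {ip} ({hits} requests)")
    print(f"unparsed lines: {len(unparsed)}")
```

Any address reported here reached the server despite the intended restriction, which points to a firewall rule that is missing or broader than the allowlist.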
Methods for Network Security
• Network segmentation: Network segmentation is the process of dividing a computer network into smaller subnetworks,
or segments, in order to limit the spread of network-based attacks and to restrict access to sensitive data.
• Security of Tableau Server data in transit: Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are
cryptographic protocols that are used to encrypt data in transit between Tableau Server and clients. SSL and TLS are used
to establish a secure and private communication channel between Tableau Server and clients, ensuring that data
transmitted between them is protected from eavesdropping and tampering.
• Security of Tableau Server data at rest: Encryption is a method of protecting data at rest by converting plaintext data
into an unreadable format called ciphertext. Encryption at rest can be used to protect sensitive data that is stored on
Tableau Server, such as data in the data repository, backups, and data extracts. Encryption can be done in 2 ways:
disk-level encryption and encrypting data extracts.
