How to Set Row-Level Security in Tableau Using Dynamic User Filters

Ensuring data security and privacy is paramount when dealing with business intelligence and analytics. Tableau, a leading data visualization tool, offers robust features to manage data security effectively. One such feature is Row-Level Security (RLS), which restricts data access for different users based on their roles or attributes. This blog post will guide you through setting up Row-Level Security in Tableau using dynamic user filters.

What is Row-Level Security?

Row-Level Security (RLS) controls which rows of data a user can see in a Tableau visualization. It’s essential for ensuring that users only access the data relevant to them, enhancing data privacy and security. Dynamic user filters in Tableau enable the implementation of RLS by dynamically adjusting data visibility based on the logged-in user’s credentials.

Steps to Implement Row-Level Security Using Dynamic User Filters

Use Case: I have sales data from each region and I only want users from that specific region to see the their regional sales; if user A is from South region, he/she is only supposed to see total sales of South Region, not others.

1. Prepare Your Data

Before setting up RLS, ensure your data contains user attributes that will be used for filtering. Using our Superstore dataset, we have a filter called Region, which we will use to as filter to control what a user can see.

This is the regional Sales map without dynamic filter

2. Create a User Attribute Table

Create or connect a separate table that lists users and their corresponding attributes (e.g., title, department, region). This table will be used to filter data dynamically. In this case, I have a separate dataset which contains User full name, Email and Region.

3. Connect and Link

Load both your main dataset and the user attribute table into Tableau. Establish a relationship between your main dataset and the user attribute table. Map the [Region] field in your main dataset to the Region field in your user attribute table.

5. Create a Calculated Field for Dynamic Filtering

Now, create a calculated field that dynamically filters data based on the logged-in user’s attributes. Go to the Data pane, right-click, and select Create Calculated Field. Enter a name for the field (e.g., Login) and use the following formula:

This formula ensures that Tableau filters data based on the current user’s full name, if you use userid instead of name, then you should use USERNAME() function

6. Apply the Filter to Your Visualization

Apply the dynamic user filter to your visualization. Drag the calculated field (Login) to the Filters shelf. Set the filter to show only values where the condition is true. This step ensures that only data relevant to the logged-in user is displayed.

7. Test Your Setup

Test your Row-Level Security setup by logging in as different users and verifying that each user only sees the appropriate data. Tableau’s FULLNAME() function dynamically adapts the data view based on the logged-in user’s credentials.

Before I applied the filter, logged in as Jon Tucker, I can see sales for all region.

After added filter, Jon Tucker can only see East Region

Additional Tips

  • User Groups: If you have multiple users with the same access level, consider using user groups in Tableau for easier management.
  • Performance: Ensure your data relationships and filters are optimized to avoid performance issues, especially with large datasets.
  • Security: Regularly review and update your user attribute table to reflect any changes in user roles or attributes.

Implementing Row-Level Security in Tableau using dynamic user filters is a powerful way to ensure data privacy and security. By following these steps, you can create a secure, dynamic data environment where users only access data relevant to them. As data security continues to be a critical aspect of business intelligence, mastering techniques like RLS will be invaluable for any Tableau user.