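Set Permissions and Ownership

  • Version: 2022.1 and later

Permissions determine how users can interact with content such as workbooks and data sources.

Permissions are set in the permission dialog or via the REST API. At the top of the dialog, permission rules configure capabilities for groups or users. Below that, the permissions grid displays the effective permissions for users.

The project permission dialog showing the Workbooks tab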

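There are several interrelated topics that discuss how to think about, set, and manage permissions. The main topics are:

  • This topic, which covers the fundamentals, how to set permission rules for projects and other content, and permission considerations for specific scenarios.

  • Permission Capabilities and Templates, which covers in detail the various capabilities that are used to build permission rules.

  • Manage Permissions with Projects, which covers using projects to manage permissions and how nested and locked projects affect permissions.

  • Effective permissions, which covers how permission rules are evaluated and how final permissions are determined.

  • Permissions, Site Roles, and Licenses, which covers how permissions interact with site roles and licenses to determine what a user can do on a site.

Additionally, if the Data Management Add-on is present, permissions for external assets have additional considerations. For more information, see Manage Permissions for External Assets.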

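Permissions fundamentals

Projects and groups

Tableau sites use projects to organize content and groups to organize users. Managing permissions is easier when permission rules are:

  • Set at the project level instead of on individual pieces of content.

  • Established for groups instead of individuals.

Permissions can only be established for users, groups, projects, or content that already exist. For more information about creating users and groups, creating projects, and publishing content, see Manage Users and Groups, Use Projects to Manage Content Access, and Publish Data Sources and Workbooks.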

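Capabilities and permission rules

Permissions are made up of capabilities, that is, the ability to perform actions such as viewing content, web editing, downloading data sources, or deleting content. Permission rules establish which capabilities are allowed or denied for a user or group on a piece of content.

Note: When talking about permissions in general, it’s common to see a phrase like “a user must have the delete permission.” This is easy to understand in a broad context. However, when working with permissions at a technical level, as in this article, it’s more accurate to say “the delete capability.” In this topic we’ll use the more precise term capability, but you should be aware that you might see permission in other places.

The permissions dialog showing multiple permission rules with some capabilities allowed, denied, or unspecified

The interplay between license level, site role, and potentially multiple permission rules factors into the final determination of what a user can or can’t do. For each user, this becomes their effective permissions. For more information, see Effective permissions.

Some tasks, such as creating new workbooks from a browser (web authoring) or moving content, might require specific configurations of several capabilities rather than being captured in a single capability. For more information, see Permission settings for specific scenarios.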

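Set permissions

Permission rules are set differently at the project level, at the content level, or when publishing content from Tableau Desktop.

Note: The phrase “project permissions” can have two meanings. There are the permission capabilities for a project itself (View and Publish), which control how a user can interact with the project. There is also the concept of project-level permission rules for other content types. In this article, “project-level permissions” means the permission rules for workbooks, data sources, and other content that are configured in the permission dialog for a project. This is in contrast to “content-level” permission rules, which can be set on a specific workbook, data source, and so on.

For administrators, project owners, and project leaders

To set permissions at the project level:

  1. Navigate to the project.

  2. Open the Actions menu (...) and click Permissions.

    The Actions menu

    The permissions dialog opens. This dialog has two main areas: permission rules at the top and the effective permissions grid below. Each content type has a tab. The image below shows the Workbooks tab.

    The project permission dialog showing the Workbooks tab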

    With a row selected at the top, the effective permissions grid populates. Use this to verify permissions. Hovering provides information about why the capability is allowed or denied for that specific user.

  3. To modify an existing permission rule, select the appropriate tab for that content type and click a capability.

  4. To create a new rule, click + Add Group/User Rule and start typing to search for a group or user. For each tab, choose an existing template from the drop-down box or create a custom rule by clicking the capabilities.

  5. One click sets the capability to Allowed, two clicks sets it to Denied, and a third click clears the selection (Unspecified).

  6. When finished, click Save.

Tip: Permission rules set at the project level act as a default for content saved in that project and any nested projects it contains. Whether those project-level default rules are enforced or only preliminary depends on the content permission setting. This setting can be configured in two ways, either Locked or Customizable. For more information, see Lock content permissions.

Tip: By default, all users are added to an “All Users” group that has basic permissions for content. To start with a clean slate when building your own permission rules, we recommend that you delete the rule entirely or edit the rule for All Users to remove any permissions (set the permission role template to None). This will help prevent any ambiguity down the road by reducing the number of rules that applies to any given user and therefore making effective permissions easier to understand.
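An audit for the All Users tip above and for the earlier advice to set rules for groups rather than individuals (an added example, not part of the Tableau documentation): it parses a project permissions response in the XML shape the REST API returns and reports capabilities still allowed for All Users plus any rules set on individual users. The IDs, project name, group map, and XML are constructed sample data; in the REST API the project capabilities View and Publish appear as Read and Write.

```python
import xml.etree.ElementTree as ET

NS = {"t": "http://tableau.com/api"}

# Constructed sample shaped like a project permissions response.
SAMPLE_PERMISSIONS = """<tsResponse xmlns="http://tableau.com/api"><permissions>
  <project id="proj-0001" name="Finance"/>
  <granteeCapabilities><group id="grp-all-users"/><capabilities>
    <capability name="Read" mode="Allow"/>
    <capability name="Write" mode="Allow"/>
  </capabilities></granteeCapabilities>
  <granteeCapabilities><group id="grp-analysts"/><capabilities>
    <capability name="Read" mode="Allow"/>
    <capability name="Write" mode="Deny"/>
  </capabilities></granteeCapabilities>
  <granteeCapabilities><user id="usr-0042"/><capabilities>
    <capability name="Read" mode="Allow"/>
  </capabilities></granteeCapabilities>
</permissions></tsResponse>"""

# Constructed group-id -> name map (in practice taken from the site's group list).
GROUP_NAMES = {"grp-all-users": "All Users", "grp-analysts": "Analysts"}


def parse_rules(xml_text):
    """Return a list of (grantee_kind, grantee_id, {capability: mode})."""
    root = ET.fromstring(xml_text)
    rules = []
    for gc in root.iterfind(".//t:granteeCapabilities", NS):
        grantee, kind = gc.find("t:group", NS), "group"
        if grantee is None:
            grantee, kind = gc.find("t:user", NS), "user"
        if grantee is None:
            continue  # rule without a recognizable grantee
        caps = {c.get("name"): c.get("mode")
                for c in gc.iterfind("t:capabilities/t:capability", NS)}
        rules.append((kind, grantee.get("id"), caps))
    return rules


def audit(xml_text, group_names):
    """Report capabilities allowed for All Users and rules set on single users."""
    findings = {"all_users_allowed": [], "user_rules": []}
    for kind, grantee_id, caps in parse_rules(xml_text):
        if kind == "group" and group_names.get(grantee_id) == "All Users":
            findings["all_users_allowed"] = sorted(
                name for name, mode in caps.items() if mode == "Allow")
        elif kind == "user":
            findings["user_rules"].append(grantee_id)
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_PERMISSIONS, GROUP_NAMES))
```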

Permission settings for specific scenarios

Certain actions require combinations of permission capabilities and possibly site roles. The following are some common scenarios and their necessary permission configurations.

Saving, publishing, and overwriting

In the context of permissions, saving is essentially publishing. As such, the Overwrite and Save a Copy capabilities can only be given to users with a site role that allows publishing: Administrator, Creator, or Explorer (can publish). Explorer or Viewer site roles can’t publish, overwrite, or save a copy.

(Prior to version 2020.1, the Publish and Overwrite capabilities were called Save, and the Download Workbook/Save a Copy capability was called Download Workbook/Save As.)

  • The Publish capability for a project allows a user to publish content into that project.

  • The Overwrite capability allows a user to save over an existing piece of content. By saving over the content, the user becomes the owner of that content. The Overwrite capability also allows users to edit minor aspects of existing pieces of content, such as the description for a metric or the synonyms for a data role. Editing the existing content in this way doesn't change the owner of the content.

  • The Save a Copy capability allows a user to save a new copy of the content. This is usually done in conjunction with web authoring and means the user can save their modifications.

It’s important to note that users aren’t able to Save or Save As a piece of content unless they have the Publish capability for at least one project, because all content must be published into a project. Without the Publish capability at the project level, the content can’t be published.

In web editing, the Save option in the File menu only appears to the content owner. If a user who is not the owner has the Overwrite capability (allowing them to save the content), they must use File > Save As and name the workbook the exact same name. This prompts a warning that they are about to overwrite the existing content, which they can do. Conversely, a user with only the Save a Copy capability trying to use the same name gets an error stating they don’t have permission to overwrite the existing content.

If a user who is not the content owner overwrites content, they become the owner, with all the permissions that entails. The original owner’s access to the content is then determined by their permissions as a user rather than the owner.

Note: Download Workbook/Save a Copy is a joint capability for workbooks. Explorers can be given this capability but they are only able to download the workbook, not save a copy. Giving the capability to Explorer (can publish), Creator, or Administrator site roles gives them both the ability to download workbooks and save a copy.

Web Editing and Web Authoring

Web editing and web authoring allow users to edit or create workbooks directly in the browser. Starting in version 2020.4, Tableau Prep Builder supports web authoring for flows.

The permission capability is called Web Edit and the site setting is called Web Authoring. This section will refer to any web-based editing or publishing action as web authoring.

To enable this functionality, there are several requirements.

  • Site setting: Web authoring must be turned on for the entire Tableau site. See Set a Site's Web Authoring Access. Without this setting enabled, no users can create new workbooks or edit existing workbooks from the browser, even if they have the web edit capability.

  • User site role: The user must have the appropriate site role.

    • Viewers can never web edit.

    • Explorers can be given the web edit capability but can’t publish. Essentially, they can use web editing to answer deeper questions based on existing content on the fly, but can’t save their edits.

    • Explorers (can publish) or Site Administrator Explorers can publish, but they can only use data that is already published to the site.

    • Creators, Site Administrator Creators, and Server Administrators can publish and create new data sources.

  • Permission capabilities: The user must have the necessary permission capabilities based on the desired functionality.

Required Permission Capability Settings

| Desired functionality | Minimum Site Role | Web Edit | Download/Save a Copy | Overwrite (workbook) | Publish (project) | Connect (data source) |
|---|---|---|---|---|---|---|
| Web author without being able to save | Explorer | Allow | Deny | Deny | Optional | Allow |
| Web author and save as new content | Explorer (can publish) | Allow | Allow | Deny | Allow | Allow |
| Web author and save (overwrite) content | Explorer (can publish) | Allow | Allow | Allow | Allow | Allow |
| Web author with new data and save new content | Creator | Allow | Optional | Optional | Allow | Optional |

Optional indicates this capability is not involved in the desired functionality

Data access for published Tableau data sources

Data sources published to a Tableau site can have native authentication as well as permissions within the Tableau environment.

When the data source is published to the Tableau site, the publisher can choose how to Set Credentials for Accessing Your Published Data which addresses how data source credentials are handled (such as requiring users to log into a database or enter their credentials for Google Sheets). This authentication is controlled by whatever technology holds the data. This can be embedded when the data source is published, or the data source publisher can choose to prompt the user for their credentials to the data source. For more information, see Publish a Data Source.

There are also data source capabilities that allow or deny users the ability to see (View) and connect to the published data source (Connect) in the context of Tableau. These capabilities are set like any other permissions in Tableau.

When a workbook is published that uses a published data source, the author can control how the Tableau authentication will behave for someone consuming the workbook. The author sets the workbook’s access to the published data source, either as Embed password (using the author’s Connect access to the data source) or Prompt users (using the Connect access of the person viewing the workbook), which may require data source authentication as well.

  • When the workbook is set to Embed password, anyone who looks at the workbook will see the data based on the author’s access to the data source.

  • If the workbook is set to Prompt users, the Tableau-controlled access is checked for the data source. The person consuming the workbook must have the Connect capability for the published data source to see the data. If the published data source is also set to Prompt user, the viewer must also enter their credentials for the data source itself.

| Workbook authentication to the data source | Data source authentication to the data | How data access is evaluated for someone consuming the workbook |
|---|---|---|
| Embed password | Embed password | User sees the data as if they were the workbook author |
| Embed password | Prompt user | User sees the data as if they were the workbook author. (The author is prompted for data source authentication, not the user.) |
| Prompt user | Embed password | User must have their own Connect capability to the published data source |
| Prompt user | Prompt user | User must have their own Connect capability to the published data source and are prompted for their credentials to the underlying data |

Note that this applies to consuming a workbook, not web editing. To web edit, the user must have their own Connect capability.

Move content

To move an item, open its Action menu (...) and click Move. Select the new project for the item, then click Move Content. If Move is unavailable or there are no available destination projects, verify the appropriate conditions are met:

  • Administrators can always move content and projects to any location.

  • Project leaders and project owners can move content and nested projects among their projects.

    • Note that non-administrators can’t move projects to become top-level projects.

  • Other users can move content only if all three of the following requirements are met:

    • Creator or Explorer (Can Publish) site role.

    • Publishing rights (View and Publish capabilities) for the destination project.

    • Owner of the content, or—for workbooks and flows—having the Move capability.

When a project is moved, the permissions for its content might change.

  • Project leaders or project owners always gain permissions for items moved into their projects.

  • When a project is moved into a locked (including nested) project, the permission templates for the locked project are enforced on the moved project and all its content and nested projects. (Note that this might strip the user moving the project of their ability to move it again if they don’t have the correct permissions in the locked project.)

  • When a project is moved into an unlocked project (customizable), the existing permissions are retained for the moved project and its content. If the project leader status has only implicitly been granted (from a higher-level project), that status is removed, though any explicitly set project leader status is retained.

Metrics

Metrics are created from views in published workbooks. Users can create metrics if they:

  • Are a Creator or Explorer (can publish) site role

  • Have the Publish capability on a project

  • Have the Create/Refresh Metric capability for the relevant workbook

For more information, see Create and Troubleshoot Metrics and Set Up for Metrics.

Note: Prior to 2021.3, the ability to create a metric on a view was controlled by the Download Full Data capability.

Because metrics are independent content, it’s important to note that the permissions for metrics are managed independently from the view they were created from. (This is unlike data-driven alerts and subscriptions, where the content of the alert or subscription can only be seen if the user has the correct permissions for the view itself.)

Although the capabilities for metrics are straightforward, the View capability should be considered carefully. It may be possible for a workbook with restricted permissions to be the basis for a metric with more open permissions. To protect sensitive data, you might want to deny metric creation for specific workbooks.

Metrics display data from their owner’s perspective

When you create a metric, you capture your perspective of the data from that view. This means that any users who can access your metric will see the data as it appears to you. If the data in the view is filtered based on your credentials, the data you see might be different from what other users see when they access the same view. Limit the View capability for your metric if you're concerned about exposing your perspective of the data.

Show or Hide Sheet Tabs

In the context of published content, sheet tabs (also referred to as tabbed views) is a distinct concept from sheet tabs in Tableau Desktop. Showing and hiding sheet tabs in Tableau Desktop refers to hiding sheets in the authoring environment. For more information, see Manage Sheets in Dashboards and Stories.

Showing and hiding sheet tabs (turning tabbed views on or off) for published content refers to navigation in a published workbook. When sheet tabs are shown, published content has navigational sheet tabs along the top of each view.

comparison of view navigation with tabbed views on and off

This setting also impacts how permissions function and may have security implications (see note).

Note: It is possible to have the View capability for a view without the View capability for the workbook or project that contain it. Normally if a user lacks the View capability for a project and workbook, they would not know those assets exist. If they have the View capability for a view, however, a user may be able to see the project and workbook name when looking at the view, such as in the navigational breadcrumb. This is expected and accepted behavior.

Turn off tabbed views to allow independent view permissions

Although it is not recommended as a general practice, there are times when it can be useful to set permissions on views independently of the workbook that contains them. To do so, three conditions must be met:

  1. The workbook must be published—there is no way to set view permissions during publishing.

  2. The workbook must be in a customizable project.

  3. The workbook can’t show sheets as tabs (tabbed views must be hidden).

When a workbook shows sheets as tabs, all views inherit the workbook permissions and any changes to the workbook permissions affect all of its views. When a workbook in a customizable project does not show tabbed views, all views assume the workbook permissions upon publication, but any subsequent changes to the workbook’s permission rules will not be inherited by the views.

Changing the configuration of sheets as tabs on a published workbook will also impact the permission model. Show Tabs will override any existing view-level permissions and reinstate the workbook-level permissions for all views. Hide Tabs will break the relationship between the workbook and its views.

Important: In a customizable project, any modifications to the workbook-level permissions will not be applied if navigational sheet tabs are hidden (aka tabbed views are off). Changes to permissions must be made on individual views.
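A rule-level audit for the two cases on this page where permissions can drift from the source workbook, namely metrics and views with tabbed views off (an added example, not part of the Tableau documentation): it flags any view or metric whose rules allow View to a grantee that the workbook's rules do not. The inventory, names, and dictionary layout are constructed assumptions, and the comparison looks only at permission rules, not at effective permissions.

```python
# Constructed inventory (hypothetical names). Rules map grantee -> {capability: mode}.
WORKBOOKS = {
    "Payroll": {
        "project_locked": False,  # workbook sits in a customizable project
        "show_tabs": False,       # tabbed views are off
        "rules": {"group:HR": {"View": "Allow"},
                  "group:Analysts": {"View": "Deny"}},
        "views": {
            "Summary": {"group:HR": {"View": "Allow"}},
            # Stale rule: Analysts were denied on the workbook after publishing.
            "Salaries": {"group:HR": {"View": "Allow"},
                         "group:Analysts": {"View": "Allow"}},
        },
        "metrics": {
            "Headcount": {"group:HR": {"View": "Allow"},
                          "group:All Users": {"View": "Allow"}},
        },
    },
    "Sales": {
        "project_locked": False,
        "show_tabs": True,        # views inherit the workbook rules
        "rules": {"group:Sales": {"View": "Allow"}},
        "views": {"Pipeline": {"group:Sales": {"View": "Allow"}}},
        "metrics": {"Bookings": {"group:Sales": {"View": "Allow"}}},
    },
}


def allowed(rules, capability="View"):
    """Grantees whose rule explicitly allows the capability."""
    return {g for g, caps in rules.items() if caps.get(capability) == "Allow"}


def wider_than_workbook(workbooks):
    """Return (kind, workbook, item, extra_grantees) for every view or metric
    whose View rules allow a grantee that the workbook's rules do not."""
    findings = []
    for wb_name, wb in sorted(workbooks.items()):
        base = allowed(wb["rules"])
        # View rules are independent only with tabs hidden in a customizable project.
        independent_views = not wb["show_tabs"] and not wb["project_locked"]
        children = [("metric", wb["metrics"])]  # metric rules are managed separately
        if independent_views:
            children.insert(0, ("view", wb["views"]))
        for kind, items in children:
            for name, rules in sorted(items.items()):
                extra = sorted(allowed(rules) - base)
                if extra:
                    findings.append((kind, wb_name, name, extra))
    return findings


if __name__ == "__main__":
    for finding in wider_than_workbook(WORKBOOKS):
        print(finding)
```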

Collections

Unlike projects, which contain content, a collection can be thought of as a list of links to content. Project permissions can be inherited by the content in the project, but permissions for a collection have no effect on the content added to the collection. This means that different users might see different numbers of items in a collection, depending on which items they have permission to view. To make sure that users can see all items in a collection, adjust the permissions for those items individually.

Permissions for a collection can be changed either by using the permissions dialog or by granting access upon sharing a collection, if you’re an administrator or the collection owner. For more information, see Manage Collection Permissions.

Private collections

When a collection is created, it is private by default. A private collection appears on the owner’s My Collections page, but it doesn't appear in the list of all collections on a site. Private collections are simply collections with no permission rules added. Unlike other types of content, collections don't have the “All Users” group added by default. When you add permission rules to a collection, it is no longer flagged as private. To return a collection to a private state, remove the permission rules.

Private collections can be viewed by the collection owner as well as by administrators, whose site role gives them effective permissions to view all collections.

Explain Data

When Explain Data is available, a user can select a mark in a view and click Run Explain Data in the mark’s Tooltip menu. A combination of settings must be enabled to make Explain Data available in editing mode and viewing mode.

Requirements for authors to run Explain Data or edit Explain Data settings in editing mode:

  • Site setting: Availability of Explain Data set to Enable. Enabled by default.

  • Site role: Creator, Explorer (can publish)

  • Permissions: Run Explain Data capability set to Allowed. Allowed by default.

Note: The Download Full Data capability for a Creator or Explorer (can publish) controls whether they see the View Full Data option in Extreme Values explanations. Viewers are always denied the Download Full Data capability. However, all users can see record-level details when the Extreme Values explanation type is enabled in Explain Data settings.

Requirements for all users to run Explain Data in viewing mode:

  • Site setting: Availability of Explain Data set to Enable. Enabled by default.

  • Site role: Creator, Explorer, or Viewer

  • Permissions: Run Explain Data capability set to Allowed. Allowed by default.

  • Workbook setting: Allow Explain Data to be used in this workbook when viewed online selected in the Explain Data Settings dialog box. Not allowed by default.

To allow all users (including Viewer site role) to run Explain Data in viewing mode, the workbook author must select the option Allow Explain Data to be used in this workbook when viewed online in the Explain Data Settings dialog box. For more information, see Control Access to Explain Data.

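Ask Data lenses

By default, users with the site role of Explorer (can publish) or Creator have the Overwrite capability for lenses. This means that any user with one of these roles can edit a lens's name, description, fields, synonyms, and suggested questions.

To limit who can edit a lens, deny the Overwrite capability for specific users or entire groups. To limit all lenses in a project, deny the Overwrite capability for lenses at the project level.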
