Tableau Cloud
Early Access: This integration is provided as an Open Authorization API (OAA) connector package. Contact our support team for more information.
Veza Tableau Cloud Connector
Veza Connector for Tableau Cloud supporting users and groups role assignments to Tableau and top level projects.
Proprties
Entity | Property | Description |
---|---|---|
User |
| User's last login date and time |
User |
| User's email |
User |
| User's Tableau site role |
User |
| User's authentication method. |
Group |
| Role name if group is configured to grant role on login |
Project |
| Project's Permission content permission setting. ( |
Project |
| Owner's ID |
Project |
| Owner's display name if available |
Project |
| True if Project permissions includes deny |
Limitations
Tableau permissions represented in Veza are the configured permissions and do not necessarily reflect the effective permission that a user in Tableau may have from the combination of their role and project access. The OAA connector does not represent "Deny" statements and a user who has access through a group but a deny statement will still show access through the group.
Projects that contain deny statements will have the boolean property has_deny_permissions
set to True
.
Tableau Setup
Create a Connected App.
Navigate to Settings -> Connected Apps
Click the New Connected App button and select Direct Trust for the type
Provide a name, allow access to all projects.
After the app has been created generate a new secret
Note the Client ID, Secret ID, Secret Value
Make sure to enable the connected app after creating it
Navigate back to the connected apps page and enable the app
** Apps are created disabled by default, do not skip this step**
Select the app and under the Actions drop down select Enable
Note the hostname for the Tableau URL such as
https://10ax.online.tableau.com
Note the Tableau site name. This is usually displayed under the Tableau logo or the portion of the URL after
/#/site/<site_name>/path
Veza Setup
Generate an API token for your Veza user. For detailed instructions consult the Veza User Guide.
Running the Connector
There are multiple options to run the connector. Instructions are included for running from the command line and building a Docker container.
Command Line
Install the requirements with Python 3.8+:
Export the required environmental variables. Variables not set can be passed via arguments at run time. All parameters can be passed using environment variables if desired. See table below for variable names and descriptions.
Note: On windows environments use
set VARNAME=value
without quotations around the values.Run the connector:
Docker
A Dockerfile
to build a container is included in the repository. Running the container will perform the Tableau Cloud discovery and OAA push then exit. Schedule the container to run on a regular interval.
Build the container.
To run the container, all required parameters must be provided as environment variables.
Application Parameters / Environmental Variables
Parameter | Environmental Variable | Required | Notes |
---|---|---|---|
|
| true | URL of the Veza instance |
N/A |
| true | API token for Veza authentication |
|
| true | URL that the Tableau site is hosted on |
|
| true | Tableau site name |
|
| true | Tableau user to connect as for discovery |
N/A |
| true | Tableau API client ID |
N/A |
| true | Tableau API client secret identifier |
N/A |
| true | Tableau API client secret value |
| N/A | false | Save a copy of the OAA JSON uploaded to the Veza instance to this directory |
| N/A | false | Enable verbose debug logging |
Last updated