Tableau Cloud

Early Access: This integration is provided as an Open Authorization API (OAA) connector package. Contact our support team for more information.

Veza Tableau Cloud Connector

Veza Connector for Tableau Cloud supporting users and groups role assignments to Tableau and top level projects.

Proprties

Entity Property Description

Entity	Property	Description
User	`last_login_at`	User's last login date and time
User	`email`	User's email
User	`site_role`	User's Tableau site role
User	`auth_setting`	User's authentication method.
Group	`grants_role`	Role name if group is configured to grant role on login
Project	`content_permissions`	Project's Permission content permission setting. (`ManagedByOwner` or `LockedToProject`)
Project	`owner_id`	Owner's ID
Project	`owner_name`	Owner's display name if available
Project	`has_deny_permissions`	True if Project permissions includes deny

User

last_login_at

User's last login date and time

User

email

User's email

User

site_role

User's Tableau site role

User

auth_setting

User's authentication method.

Group

grants_role

Role name if group is configured to grant role on login

Project

content_permissions

Project's Permission content permission setting. (ManagedByOwner or LockedToProject)

Project

owner_id

Owner's ID

Project

owner_name

Owner's display name if available

Project

has_deny_permissions

True if Project permissions includes deny

Limitations

Tableau permissions represented in Veza are the configured permissions and do not necessarily reflect the effective permission that a user in Tableau may have from the combination of their role and project access. The OAA connector does not represent "Deny" statements and a user who has access through a group but a deny statement will still show access through the group.

Projects that contain deny statements will have the boolean property has_deny_permissions set to True.

Tableau Setup

Create a Connected App.
1. Navigate to Settings -> Connected Apps
2. Click the New Connected App button and select Direct Trust for the type
3. Provide a name, allow access to all projects.
After the app has been created generate a new secret
1. Note the Client ID, Secret ID, Secret Value
2. Make sure to enable the connected app after creating it
Navigate back to the connected apps page and enable the app
1. ** Apps are created disabled by default, do not skip this step**
2. Select the app and under the Actions drop down select Enable
Note the hostname for the Tableau URL such as https://10ax.online.tableau.com
Note the Tableau site name. This is usually displayed under the Tableau logo or the portion of the URL after /#/site/<site_name>/path

Veza Setup

Generate an API token for your Veza user. For detailed instructions consult the Veza User Guide.

Running the Connector

There are multiple options to run the connector. Instructions are included for running from the command line and building a Docker container.

Command Line

Install the requirements with Python 3.8+:
```
pip3 install -r requirements.txt
```
Export the required environmental variables. Variables not set can be passed via arguments at run time. All parameters can be passed using environment variables if desired. See table below for variable names and descriptions.
```
export VEZA_API_KEY="Zdkemfds..."
export TABLEAU_CLIENT_ID="D23073D0-A0FE-448C-....."
export TABLEAU_SECRET_ID="7659DCEA-FBE0-4218-....."
export TABLEAU_SECRET="QTJG...I3Cg=="
...
```
Note: On windows environments use set VARNAME=value without quotations around the values.

Run the connector:

./veza_tableau_cloud.py
    --veza-url https://example.vezatrial.ai \
    --tableau-url https://13en.online.tableau.com \
    --tableau-site acme-prod \
    --tableau-user user@example.com

Docker

A Dockerfile to build a container is included in the repository. Running the container will perform the Tableau Cloud discovery and OAA push then exit. Schedule the container to run on a regular interval.

Build the container.
```
docker build . -t veza_tableau
```

To run the container, all required parameters must be provided as environment variables.

docker run --rm \
 -e TABLEAU_URL="https://13en.online.tableau.com" \
 -e TABLEAU_SITE="acme-prod" \
 -e TABLEAU_USER="user@example.com" \
 -e TABLEAU_CLIENT_ID="D23073D0-A0FE-448C-....." \
 -e TABLEAU_SECRET_ID="7659DCEA-FBE0-4218-....." \
 -e TABLEAU_SECRET="QTJG...I3Cg==" \
 -e VEZA_URL="https://customer.vezacloud.com" \
 -e VEZA_API_KEY="ZXlKaGJHY2lPaUpJVXpJM.....=" \
 veza_tableau

Application Parameters / Environmental Variables

Parameter Environmental Variable Required Notes

Parameter	Environmental Variable	Required	Notes
`--veza-url`	`VEZA_URL`	true	URL of the Veza instance
N/A	`VEZA_API_KEY`	true	API token for Veza authentication
`--tableau-url`	`TABLEAU_URL`	true	URL that the Tableau site is hosted on
`--tableau-site`	`TABLEAU_SITE`	true	Tableau site name
`--tableau-user`	`TABLEAU_USER`	true	Tableau user to connect as for discovery
N/A	`TABLEAU_CLIENT_ID`	true	Tableau API client ID
N/A	`TABLEAU_SECRET_ID`	true	Tableau API client secret identifier
N/A	`TABLEAU_SECRET`	true	Tableau API client secret value
`--save-json`	N/A	false	Save a copy of the OAA JSON uploaded to the Veza instance to this directory
`--debug`	N/A	false	Enable verbose debug logging

--veza-url

VEZA_URL

true

URL of the Veza instance

N/A

VEZA_API_KEY

true

API token for Veza authentication

--tableau-url

TABLEAU_URL

true

URL that the Tableau site is hosted on

--tableau-site

TABLEAU_SITE

true

Tableau site name

--tableau-user

TABLEAU_USER

true

Tableau user to connect as for discovery

N/A

TABLEAU_CLIENT_ID

true

Tableau API client ID

N/A

TABLEAU_SECRET_ID

true

Tableau API client secret identifier

N/A

TABLEAU_SECRET

true

Tableau API client secret value

--save-json

N/A

false

Save a copy of the OAA JSON uploaded to the Veza instance to this directory

--debug

N/A

false

Enable verbose debug logging

PreviousSumo Logic NextTrello

Last updated 6 months ago