# Tableau #### Overview The Veza integration for Tableau enables gathering Users, Groups, and Projects for the business intelligence platform. The integration supports both Tableau Cloud and Tableau Server (version `2023.1` or greater). #### Configuring Tableau The Veza integration for Tableau leverages [Tableau connected apps](https://help.tableau.com/current/online/en-us/connected_apps_direct.htm) to authenticate with the Tableau API. The steps below outline how to configure a connected app to access Tableau. 1. Create a connected app: 1. Sign in to Tableau as a site admin. 2. Navigate to the **Settings** page. 3. Select the **Connected Apps** tab on the settings page. 4. Select the **New Connected App** dropdown button, and select the **Direct Trust** option. 2. A dialog box will appear. In the dialog box: 1. Give the connected app a name. 2. Select the **All Projects** option in the **Applies to** dropdown. 3. Select the **Create** button. 3. Enable the connected app: 1. Select the actions menu next to the name of the connected app, and select **Enable**. 4. Generate a secret 1. Navigate to the details page of the connected app 2. Select the **Generate New Secret** button. 3. You will need the client ID, secret ID, and secret value to configure the Tableau integration on Veza. #### Configuring Tableau on the Veza Platform 1. On the Veza **Integrations** page, add a **Tableau** integration with the following fields: 2. **Name** - Name for the integration 3. **URL** - URL of the Tableau instance. You can find this in the address bar of your browser when viewing the Tableau site to be integrated. For example, a Tableau Cloud URL might look like this: `https://us-west-2b.online.tableau.com`. 4. **Username** - Username (email address) of the account used to connect to Tableau. 5. **Site** - The name of the site. 6. **Client ID** - The client ID of the connected app. 7. **Secret ID** - The ID of the secret generated for the connected app. 8. **Secret** - The value of the secret generated for the connected app. 9. **CA Certificate** (Optional) - A PEM-format, base64-encoded certificate authority certificate. Only required for self-managed Tableau Server deployments where the server's TLS certificate is issued by a private or internal CA. When provided, Veza will trust that CA for connections to Tableau. If extraction is completing successfully, this field is not needed. Tableau Cloud (SaaS) customers do not need to configure this field. {% hint style="info" %} If you need to provide a CA certificate, obtain the PEM-encoded issuing certificate for your Tableau Server from your IT or infrastructure team. This is not a certificate you generate yourself. {% endhint %} #### Notes and Supported Entities **Tableau User** | Attributes | Notes | | --------------- | ------------------------------------------------------------ | | `id` | Tableau user ID | | `name` | Name of the user. Uses email or ID if name is not configured | | `last_login_at` | Timestamp of the last time the user logged in | | `email` | Email of the user | | `site_role` | Site role given to the user | | `auth_setting` | The sign-in method for the user | **Tableau Group** | Attributes | Notes | | ------------- | ----------------------------------------------------------------------------------------- | | `id` | Tableau Group ID | | `name` | Name of the group | | `grants_role` | The name of the site role that a user belonging to the group is assigned once they log in | **Tableau Project** | Attributes | Notes | | ---------------------- | --------------------------------------------------------------------------------------- | | `id` | Tableau project ID | | `name` | Name of the project | | `content_permissions` | User permissions for the contents of the project | | `owner_id` | Tableau user ID of the owner of the project | | `has_deny_permissions` | Boolean value that indicates whether the project is configured to deny user permissions | **Limitations** Tableau permissions shown in Veza represent the *configured* permissions for a user, and do not necessarily reflect the *effective* permissions when a project is configured to deny access to certain groups or users. Projects that contain deny statements will have the boolean property `has_deny_permissions` set to `True`. **Tableau Roles** Users and groups can be assigned the following roles: * Unlicensed * Viewer * Creator * Explorer * ExplorerCanPublish * SiteAdministratorExplorer * SiteAdministratorCreator In addition to the above roles, users and groups can be assigned the following roles for project access: * ProjectReader - Has read permission to a project. * ProjectWriter - Has write permission to a project. * ProjectLeader - Is the leader of a project. Has read and write permissions. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/tableau.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.