Tableau is a popular tool that helps people turn data into useful charts and reports. One of its important features is called Row Level Security (RLS). This feature helps keep data safe by allowing you to control which rows of data a user can see. In simple terms, RLS makes sure that users only see the data they are allowed to view.
This blog will explain what Row Level Security is, how it works, and why it is important. We will also walk you through how to set it up in Tableau.
What is Row Level Security (RLS)?
Row Level Security (RLS) is a feature in Tableau that allows you to filter data at a very detailed level. Instead of creating separate reports for each user, RLS lets you make one dashboard or report, and Tableau will automatically show each user only the needed data.
For example, let’s say you have a sales report for a company with different regions. Using RLS, a manager in the "North" region will only see the sales data for that region, and a manager in the "South" region will only see the sales data for that region. It is all done automatically based on the user’s credentials.
Why Should You Use Row Level Security?
There are several good reasons to use RLS in Tableau:
Data Privacy:Â Some users should not see all the data. For example, an employee in the HR department might only need to see data about employees in their department. RLS ensures that sensitive data stays secure.
One Report, Many Users:Â You do not have to create separate dashboards or reports for each user. With RLS, you can create one report, and Tableau will automatically filter the data for each user.
Easy Management:Â Instead of managing multiple reports, you can manage access in one place. RLS makes it easier to control what each person can see without extra work.
How Does Row Level Security Work?
Row Level Security in Tableau works by filtering the data based on the user who is viewing the report. Here is how it works in a few simple steps:
Step 1: Identify the User
Tableau can figure out who is viewing the report by using something called USERNAME() or USER() functions. These functions return the name of the logged-in user.
Step 2: Create a Security Table
Next, you create a security table that links each user to the data they are allowed to see. For example, you might have a table like this:
Username | Region |
john.doe | North |
jane.smith | South |
admin | All |
This table tells Tableau which data each user should see.
Step 3: Use a Calculated Field
Now you create a calculated field in Tableau. This field uses the USERNAME() function to filter data based on the user.
For example:
IF USERNAME() = 'john.doe' THEN 'North'
ELSEIF USERNAME() = 'jane.smith' THEN 'South'
ELSE 'All' END
This calculated field will automatically show data for the North region to John, the South region to Jane, and all regions to the Admin.
Step 4: Apply the Filter
Once the calculated field is ready, Tableau uses it to automatically filter the data, ensuring that users only see the rows they are allowed to view.
User Functions available in Tableau
These user functions are used while creating the reports to restrict the data from user visibility. The functions are:
FULLNAME(): It is the display name provided while creating the user account on the Tableau server.
 e.g. FULLNAME = [Person Name]
ISFULLNAME(): This function checks if the given name is the display name of the user.
 e.g. ISFULLNAME("name1") or ISFULLNAME("name2")
ISMEMBEROF(): This is the most commonly used filter by Tableau developers to create row level security at the data source level. This function checks if the user is a member of a specific User Group. For instance, the user group may be the designation or region of the user, etc.
 e.g. ISMEMBEROF("East")
USERDOMAIN(): This function checks if the user belongs to a specific domain.
 e.g. USERDOMAIN() = [Domain]
ISUSERNAME(): This function checks if the given values are in the user ID list.
 e.g. ISUSERNAME("id1") or ISUSERNAME("id2")
USERNAME(): It is the login ID of the user to connect to the Tableau server. It might also be an emailID.
 e.g. USERNAME() = [userID]
We can find all these functions in the window while creating the calculated field:
Common Uses for Row Level Security
Regional Reports:Â If your company has sales data for different regions, you can set up RLS so that each regional manager only sees the data for their region.
Employee Data:Â HR personnel should only see data about employees in their department. RLS helps ensure that people only see what they need to.
Client Reports: If you manage data for multiple clients, RLS allows each client to see only their data, without others being able to access it.
Multiple Business Units:Â In large organizations with many divisions, RLS ensures that each division can only see their data, even though they share the same Tableau instance.
How to set up Row Level Security in Tableau?
Option 1: Data Source Filters
One of the easiest and most efficient ways to apply RLS is by setting up data source filters. These filters are applied to the entire data source and restrict the data based on the user’s role or group. Here is how you can do it:
On the Tableau Data Source page, click the "Add" button in the top right corner to create a Data Source Filter. Add a filter that limits access based on the user’s region, department, or any other criteria. Tableau will apply this filter automatically when the user views the report.
To edit the Data Source filters, go to the "Data" menu and select "Edit Data Source Filters."
Option 2: Workbook Level Filters
Here is how you can create workbook-level filters:
Create a calculated field that filters the data based on the user (as we showed earlier). Apply the calculated field as a filter to your reports.
To edit the filters, select the "Data" menu and click on the "Edit Data Source Filters" option.
Best Practices for Row Level Security
To get the most out of Row Level Security, here are a few tips:
Plan User Access: Before setting up RLS, decide who should see what data. A clear plan helps make the process smoother.
Test, Test, Test: Always test your RLS setup by logging in as different users. Make sure each user can only see the data they should.
Keep It Simple: Do not overcomplicate things. Simple security rules are easier to manage and less likely to cause problems.
Monitor Access: Regularly check who has access to what data. You can use Tableau’s audit logs to track data access.
Performance Matters: While RLS is useful, it can sometimes slow down your reports. Keep an eye on performance, especially if you have complex security rules.
Conclusion
Row Level Security (RLS) in Tableau is a powerful tool that uses the USER functions to determine the Full Name, User name, Domain, or User Group of the end-user and filters the report accordingly. This feature reduces the redundant work of creating separate reports for each user. It helps protect sensitive information and simplifies report management. Whether you are dealing with regional sales, employee data, or multiple clients, RLS makes data security easier and more efficient. By following best practices and testing your setup, you can use RLS to create secure, user-friendly reports without the hassle of managing separate dashboards for every user.