I two tables one is actual data and second one is user names data as like below
I blended these data, implemented charts using tableau and published into server. In tableau server we have only two users one is "admin" and second one is "tableau_user". These dashboards are hosted to another company website where users can access the dashboard by login into the company's website.
I want to provide RLS for this dashboard, like when "user1#iofw.io" is logged in then i have to show only "AMM" data and so on..
How we can achieve this in tableau.
Related
All of the following options leak all your accounts CloudWatch data.
1. Sharing dashboards via AWS console
Warning
All people who you share the dashboard with are granted the permissions listed in Permissions that are granted to people who you share the dashboard with for the account. If you share the dashboard publicly, then everyone who has the link to the dashboard has these permissions.
The cloudwatch:GetMetricData and ec2:DescribeTags permissions cannot be scoped down to specific metrics or EC2 instances, so the people with access to the dashboard can query all CloudWatch metrics and the names and tags of all EC2 instances in the account.
Reference: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch-dashboard-sharing.html
2. Adding CloudWatch datasource to Grafana and permit user access to the dashboards in scope only
For example: In a Grafana instance with one data source, one dashboard, and one panel that has one query defined, you might assume that a Viewer can only see the result of the query defined in that panel. Actually, the Viewer has access to send any query to the data source. With a command-line tool like curl (there are lots of tools for this), the Viewer can make their own query to the data source and potentially access sensitive data.
Reference: https://grafana.com/docs/grafana/latest/administration/security/
3. Cross account sharing
Same problem arises that all accounts CloudWatch data is being shared.
Reference: https://docs.aws.amazon.com/ram/latest/userguide/getting-started-sharing.html
Cumbersome approach:
Build a backend service that fetches the dashboard relevant data and exposes it in a format that can be read by Grafana. Afterwards one still has to build a dashboard based on that data. Is there an easier way?
We have a national client, with more than 3,000 agents with their own landing pages within their website: example.com/john-doe-agent/state-USA
They want these agents to have access to the Google Analytics data, but only for their specific landing page. They do NOT want the agents to have have access to the whole company's analytics.
What is the best way for these agents to access to their data without having access to the entire site's data?
Any help is appreciated.
Thanks.
Options not applicable in your case:
Filtered views: you could create views filtered at landing page level, however you're limited to 25 views by default so this won't scale.
GA Permissions: permissions aren't granular enough to restrict access to certain content type
Applicable options:
Email dashboards: setup your dashboards to send periodic emails: https://support.google.com/analytics/answer/1038573?hl=en
External Reporting tool: use a tool like Google Data Studio to create/share those dashboards with specific people (not sure you can create 3000 dashboards though).
I have a website which will be used to show dashboards created in Tableau Desktop and published in Tableau Online.
I wanted to use Tableau Javascript API to access the dashboard to show it to users, but I don't want my web users to login to Tableau online.
My question is simply that "Can Tableau Javascript API be used to login to Tableau Online in the background and then fetch dashboards/views from it..?"
Based on my reading of the authentication documentation, there are three options:
Tableau Public requires no authentication for users to see visualizations. Tradeoffs: visualizations are static and public, and your storage space is limited. Ref: this forum discussion.
Tableau Online requires user login.
Tableau Server requires
user login, unless you configure it to say that requests from your
web server are always from trusted users. (See Trusted Authentication.) But even then, I think the license agreement requires that they be licensed users. You can license Tableau Server by # of cores instead of # of users though, in which case Tableau Server allows you to set up a Guest user that can access views anonymously.
So the short answer to your question appears to be no, not with Tableau Online. You have other options, but you either have to live with Public's limits or you'll need your own server, running Tableau Server. Even then you'd need to pay for each user to be licensed to access the product, unless you purchase a license based on # of cores, not # of users.
I am fairly new to Power BI. I have two questions/clarifications:
Question 1:
I was wondering What type authentication is supported by Power BI datasets. I will explain with an example below:
Consider I have a Power BI dataset and some charts (a dashboard) in Power BI. The datasource is Rest WCF service on my premises. The users are my organizational users. The OData service is an HTTPS endpoint. I was wondering if authentication would work in that case? Would I be able to authenticate the user in this case. As my knowledge goes if the call to my rest service has a token in header, I would be able to call my STS and validate the user.
My question is when the dataset is refreshed, the call to my service (which is made from Power BI) does it also include a Token in the call header. I am assuming it would be because the user is already logged on to power BI using his/her organizational credentials. Can someone please confirm.
Question 2:
This question is again about user access/authentication. Consider that my organization has many users which have different level of access to data (some users would see more data/ some less based on user id). I develop some power BI datasets (models) and some dashboards. I as developer have access to all data, so essentially see all data. I then share them to end users.
The question is when any user uses the shared dashboards and refreshes the dataset, will his access (authentication) work and he sees only those data that he should ?
I am confused as to how this would work. Is it that when an user adds a shared dashboard into his profile, would he/she have his own copy of the dashboard/dataset or will it be an shared one. If it is a shared one then I guess the access thing would not work.
Please advise/suggest.
Girija
First question: if your data sources uses basic authentication it should work. You would build your Excel file or Power BI Desktop file to point to your data source, ensure it refreshes and then publish to the Power BI service. If you're looking for OAuth, then that is not something you can do on your side yet.
Second question: depends on how you implement your solution. If you're using the a REST API, the data is retrieved as the user who entered their credentials. So if you share your report built on your data source, then the people you share with see your data. However, if you use something like Analysis Service tabular as the data source, you can implement row level security in Analysis Service tabular, your users would instead login as themselves and see just the data they have permission to.
Does anyone know if there is a way to retrieve the number of members a FB Group had on a certain date?
The usecase is that I want to make a historical graph of member-growth.
A hack could be to check when current members joined, but then you'd miss all members that have joined and left.
Reading some other discussions, it seems like there is no Insight data available for groups, only registered domains, pages and page posts. You won't be able to access historic data directly. You can start measuring now and build up your graph of membership growth by accessing the group/members API regularly (You can use cron to do this in a lightweight way and add the data to your database).
Not so sure with Facebook groups, but with the Facebook App, you can record the access token of the users for later use. Or you can store member id and date they joined in your database. Heroku provide Postgres for that. For the free cronjob, you can use like setCronjob.com to regularly schedule the offline jobs like gathering and calculating the statistic based on the user data that you stored.