Skip to content
LeadAfrik
Module 11 of 1250 min readMixed

Publishing, Tableau Server, and row-level security

Workbook governance, scheduled extract refreshes, user filters for row-level security. The non-glamorous half that decides whether dashboards survive in an organisation.

92%

Listen along

Read “Publishing, Tableau Server, and row-level security” aloud

Plays in your browser using on-device text-to-speech — nothing leaves the page.

Learning objectives

By the end of this module, you should be able to:

  • 01Publish a workbook to Tableau Server or Tableau Cloud
  • 02Schedule extract refreshes and understand who can see what
  • 03Apply user filters for row-level security

An analyst who builds a great workbook but doesn't publish it well leaves most of the value on the table. The dashboards that survive in organisations are the ones with refresh schedules, permission models, and named owners. The polish that gets a dashboard renewed in next year's licensing budget all happens in Tableau Server / Cloud.

Publishing

  • Server → Publish Workbook. Pick the destination project (folder).
  • Choose embedded vs published data sources. Published = shared across many workbooks, refreshed once. Embedded = lives in the workbook, refreshed with it.
  • Set permissions: who can View, Edit, Save As, Download. Default to least privilege.
  • Schedule extract refresh: hourly, daily, weekly. Daily 6am is the most common.

Row-level security with user filters

User filters let you ship one workbook where Sales East Africa sees only EA data, Sales West Africa sees only WA, and the VP sees all of it. Two approaches:

  • Simple user filter: right-click a dimension → Create User Filter. Assign which users see which values. Fine for small user lists.
  • Calculation-based: a calc that references USERNAME() and joins against a permissions table. Scales to thousands of users.
text
// Calculation-based row-level security
User-region match =
  USERNAME() = [Region Owner Email]
  OR USERNAME() IN ('vp@company.com', 'cfo@company.com')  -- override list


// Drag this calc to the Filter shelf and set 'True'.
// Each user now sees only rows where their email matches the region owner.
Calculation-based RLS pattern. The permissions table is a small fact table mapping rows to allowed users — joined into the data source.

Tableau Cloud vs Tableau Server

Same product, different hosting. Cloud is Tableau-hosted (was 'Tableau Online'); Server is self-hosted on your infrastructure. Cloud is easier to set up and maintain, costs more per user. Server gives you control over data residency, custom URLs, and integrations. Most teams under 500 users go Cloud; regulated industries and large enterprises go Server.

Governance basics

  • Certified data sources: a curated, governed data source that other workbooks reference. The single source of truth for 'what is a customer?'.
  • Projects: folders with their own permissions. 'Marketing' project, 'Finance' project, etc.
  • Subscriptions: scheduled email reports of dashboards. Users get a PDF in their inbox at 7am Monday.

Exercise

If you have Tableau Cloud or Server access, publish a workbook. Set up an extract refresh schedule and a user filter. Subscribe yourself to a daily PDF of one of the dashboards. Then download the workbook back to Desktop — does the user filter follow? What happens to permissions?

Key takeaways

  • Publishing is more than 'upload' — it's permissions, scheduling, governance.
  • User filters enforce row-level security: each viewer sees only their data.
  • Tableau Cloud and Tableau Server are the same product with different hosting.
Loading progress…

← Previous

Module 10

Performance — extracts, indexes, the recorder

Next module →

Module 12

Publication-grade Tableau — FT, NYT, Tableau Public Hall of Fame

LeadAfrikPublic Economics Hub
Editorial standardsSuggest a correctionCourse index