How to Implement Row Level Security in Tableau
You’ve built a powerful Tableau dashboard that everyone on the team loves, but there’s a small problem: not everyone should see everything. Your regional sales managers only need to see data for their regions, and individual reps should only see their own performance metrics. This is where row-level security comes in. This tutorial will walk you through exactly how to set up Row-Level Security (RLS) in Tableau to ensure the right people see the right data, and nothing more.
What is Row-Level Security (RLS), Anyway?
Row-Level Security is a data governance feature that restricts data access for a given user at the database row level. In simpler terms, it means you can create one single dashboard or report, and Tableau will automatically filter the data rows based on who is logged in and viewing it.
Think of it like this: without RLS, you'd have to create separate dashboards for each sales region - one for the West Coast team, one for the East Coast team, and so on. This is a maintenance nightmare. With RLS, you build one master dashboard. When the West Coast manager logs in, she only sees data for California, Oregon, and Washington. When the East Coast manager logs in, he only sees data for New York, Florida, and Massachusetts. Same dashboard, different data, all handled automatically.
This is essential for:
- Data Confidentiality: Protecting sensitive information and ensuring employees only see data relevant to their role.
- Simplifying Reporting: Reducing the number of reports you have to build and maintain.
- Improving User Experience: Preventing users from being overwhelmed by irrelevant information so they can focus on the metrics that matter to them.
Before You Begin: What You'll Need
To implement RLS effectively, you need a couple of things in place first. A little preparation here saves a lot of headaches later.
- A User Field in Your Data: Your data source must contain a column that can be used to identify users. This is typically an email address, employee ID, or username that matches what your team uses to log into Tableau Server or Tableau Cloud.
- A Clear Entitlements Logic: You need to know what data each user or group should be able to see. You might have a separate spreadsheet or database table that maps users to their corresponding regions, departments, or manager IDs. This is often called an "entitlements table" or a "mapping table."
For our examples, let's imagine we're working with a simple sales dataset that includes a column named [Sales Rep Email] and another column for [Region].
Method 1: The User Filter (The Manual Approach)
The simplest way to implement RLS in Tableau is by creating a user filter. This method is great for situations where you have a small, manageable number of users and straightforward rules. You essentially manually map each user (or group) to the specific data values they are allowed to see.
Step-by-Step Guide to Creating a User Filter
Step 1: Create the User Filter
With your workbook open, go to the top menu and click Server > Create User Filter. A dialog box will appear. Select the field you want to filter on. For example, if you want to filter by region, you would select the [Region] field.
Give your filter a descriptive name, like "Regional User Filter."
Step 2: Map Users to Data Values
In the next dialog box, you'll see a list of users and groups from your Tableau Server/Cloud on the left, and a list of the values from the field you selected (e.g., "North," "South," "East," "West") on the right.
Now, you simply map them together.
- Click on a user on the left, for example, "aneela.sharma@company.com".
- On the right, check the box next to the value you want to assign to her, for instance, "East."
- Repeat this for all your users. If a user manages multiple regions, you can check multiple boxes for them.
When you're finished, click OK.
Step 3: Apply the Filter to Your Worksheets
You’ve created the filter, but it hasn’t been applied yet. In the bottom-left corner of your Tableau screen, under the "Data" pane, you'll now see a "Sets" section. Your new user filter will be listed here.
Drag your user filter (e.g., "Regional User Filter") and drop it onto the Filters card for any worksheet you want to secure.
That's it! When Aneela Sharma logs in, she will only see data for the "East" region.
Pros and Cons of User Filters
- Pros: It's simple, requires no coding, and is very easy to set up for straightforward scenarios.
- Cons: It becomes very tedious to manage as your team grows. If you have hundreds of users, or if user permissions change frequently, manually updating these mappings is unsustainable.
Method 2: Using a Calculated Field (The Dynamic, Scalable Approach)
For larger teams or more complex permission rules, a calculated field is the better choice. Instead of manually mapping users, you create a dynamic calculation that returns TRUE if the viewer should be able to see a row of data and FALSE if they should not.
This method relies on Tableau's built-in user functions, which can identify the person currently viewing the dashboard.
Key Tableau User Functions to Know
- USERNAME(): Returns the username of the current user on Tableau Server or Tableau Cloud. Often, this is their email address.
- FULLNAME(): Returns the full display name of the current user.
- ISMEMBEROF('Group Name'): Returns TRUE if the current user is a member of the specified Tableau group (e.g., 'Sales Managers'). This is incredibly powerful for role-based security.
Step-by-Step Guide Using a Calculated Field
Step 1: Create the Calculated Field
In the "Data" pane, click the dropdown arrow and select Create Calculated Field. Let's call this calculation "Row-Level Security Filter."
Now, you'll write a simple logical expression. Here are a few common scenarios:
Scenario A: Each Rep Sees Only Their Own Data
If your data has a column like [Sales Rep Email] that matches the user's Tableau username, the calculation is incredibly simple:
USERNAME() = [Sales Rep Email]
This formula compares the email of the person logged in to the email in each row of the data. It will only return TRUE for the rows that belong to them.
Scenario B: Managers See All Data, Reps See Their Own
Let's say you have a Tableau Group called "Sales Managers." You want them to see everything, while individual reps only see their own rows. The calculation would look like this:
ISMEMBEROF('Sales Managers') OR USERNAME() = [Sales Rep Email]
This combines two checks: "Is the current user a member of the 'Sales Managers' group? OR is their username the same as the one in the [Sales Rep Email] column?" If either condition is true, they can see the data.
Step 2: Apply the Calculation as a Data Source Filter
This is the most important step. Instead of adding this calculated field to the Filters shelf on a worksheet (which users could potentially remove), you apply it as a data source filter. This enforces the security rule across the entire workbook before any worksheets are even built.
- Go to the Data Source tab in the bottom-left corner of Tableau.
- In the top-right corner, click the Add button under "Filters."
- Click Add again in the dialog box, then select the calculated field you just created ("Row-Level Security Filter").
- In the final dialog, check the box for True and click OK.
By setting the filter to True, you are telling Tableau to only pull rows where your calculation's logic is met.
Pros and Cons of Calculated Fields
- Pros: It's scalable, dynamic, and low-maintenance. When new users are added, you don't need to update anything in Tableau as long as the data and their permissions are correct.
- Cons: It requires a basic understanding of Tableau calculations, and your data must be structured with user-identifiable fields.
Don't Forget to Test Your Setup!
You should never publish a dashboard with RLS without testing it first. It's easy to make a mistake and either expose too much data or block access for everyone. Thankfully, Tableau makes this easy.
- In your Tableau Desktop workbook, look at the bottom-right corner. You'll see a small button that says View as User.
- Click on it, and a dropdown menu will appear with all the users and groups on your Tableau Server/Cloud.
- Select a specific user. The dashboard will instantly re-render to show you exactly what that user would see.
Click through a few different users - a manager, an individual rep, and someone from another department who should see nothing. If everyone sees what they're supposed to, you're ready to publish.
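The same per-user check can be scripted against a sample of your data before you publish. The block below is an added example, not part of the original tutorial and not Tableau code: a Python model of the Scenario B rule that plays the role of "View as User" for every user at once and compares the result with an entitlements table. All rows, users other than Aneela, group memberships and entitlements are constructed, and the exact, case-sensitive email comparison is an assumption to verify against your own data source.

```python
# Added example: a Python model of the Scenario B rule, not Tableau code.
# All rows, users, groups and entitlements below are constructed sample data.
ROWS = [  # (sales_rep_email, region, amount)
    ("aneela.sharma@company.com", "East", 1200),
    ("aneela.sharma@company.com", "East", 800),
    ("raj.patel@company.com", "West", 950),
    ("Raj.Patel@company.com", "West", 400),  # casing differs from the login name
]
USERS = {  # username -> Tableau groups
    "aneela.sharma@company.com": set(),
    "raj.patel@company.com": set(),
    "maria.lopez@company.com": {"Sales Managers"},
    "sam.lee@company.com": set(),  # other department, should see nothing
}
ENTITLEMENTS = {  # mapping table: username -> regions the user may see
    "aneela.sharma@company.com": {"East"},
    "raj.patel@company.com": {"West"},
    "maria.lopez@company.com": {"East", "West"},
    "sam.lee@company.com": set(),
}


def rls_filter(username, groups, row):
    """ISMEMBEROF('Sales Managers') OR USERNAME() = [Sales Rep Email].
    Assumption: the comparison is an exact, case-sensitive string match."""
    return "Sales Managers" in groups or username == row[0]


def view_as_user(username, rule=rls_filter):
    """Rows kept for one user when the data source filter is set to True."""
    return [r for r in ROWS if rule(username, USERS[username], r)]


def audit(rule=rls_filter):
    """Return (leaks, orphans): rows shown outside a user's entitlements,
    and rows whose email matches no username, so no rep can ever see them."""
    leaks = [(u, r) for u in USERS for r in view_as_user(u, rule)
             if r[1] not in ENTITLEMENTS[u]]
    orphans = [r for r in ROWS if r[0] not in USERS]
    return leaks, orphans


if __name__ == "__main__":
    for user in USERS:
        print(user, "sees", len(view_as_user(user)), "rows")
    leaks, orphans = audit()
    print("leaks:", leaks)
    print("orphans:", orphans)
```

An orphan row is the quiet failure mode: nothing leaks, but a rep is missing their own data because the email in the row does not match their login name exactly.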
Final Thoughts
Implementing row-level security is a foundational skill for anyone managing Tableau dashboards in a business environment. Using user filters is a great starting point for simple cases, while calculated fields offer a robust and scalable solution for managing complex permissions across a growing organization. Getting this right not only protects your data but also makes your dashboards infinitely more relevant to your end users.
While powerful, setting up permissions like this in traditional BI tools highlights the learning curve that can keep valuable data locked away from decision-makers. That's why we built Graphed: to get critical insights into the hands of an entire team, not just those with technical training. We simplify everything by letting you connect all of your data sources and create secure, real-time dashboards using plain-English prompts. This way, you spend your time acting on data, not wrestling with complex configurations.