Manage Tableau Online/Server projects, groups, and permissions via config and CLI
Project description
tableau-permissions
Manage Tableau Online/Server projects, groups, and permissions via config and CLI.
Table of contents
About
- Permissions management: project, workbook, datasource, flow, metric
- Config-driven: manage groups, projects, and permissions via Python config files under
configs/ - Automation helpers: audit projects (config vs server), create projects/groups, apply permissions, export existing site config
Setup and usage
Install
pip install tableau-permissions
Or from source: pip install -e . (then run tableau-permissions or python -m scripts.tableau_setup from the repo).
Setup
- In Tableau Online go to My Account Settings and add a Personal Access Token.
- Add these variables to your
.bash_profile,.zshenv, or secrets setup (values shown are examples only):
# Tableau Credentials (example values)
export TABLEAU_SERVER_PRODUCTION='https://YOUR-PROD-SERVER.online.tableau.com/'
export TABLEAU_SERVER_TEST='https://YOUR-TEST-SERVER.online.tableau.com/'
export TABLEAU_USERNAME=''
export TABLEAU_PASSWORD=''
export TABLEAU_SITENAME_PRODUCTION=''
export TABLEAU_SITENAME_TEST=''
export TABLEAU_API_VERSION='3.28'
export TABLEAU_PERSONAL_ACCESS_TOKEN_VALUE_PRODUCTION="<your access token here>"
# Make sure the token name matches what you listed when creating the token!
export TABLEAU_PERSONAL_ACCESS_TOKEN_NAME_PRODUCTION="local-dev-token"
export TABLEAU_PERSONAL_ACCESS_TOKEN_VALUE_TEST="<your access token here>"
export TABLEAU_PERSONAL_ACCESS_TOKEN_NAME_TEST='automation-test-token'
Configuration
This repo ships with example configuration files under configs/:
groups.py– example department/group names.top_level_projects.py– example top-level project (folder) structure.project_permissions.py– example mapping of groups to permissions per project.executive_membership.py– placeholder list of emails allowed in theExecutivegroup.protected_projects.py– project names that will not be created or deleted by this tool (e.g.default,Samples). Permissions on these projects can still be adjusted.
These are examples only and should be customized to match your own organization’s structure and Tableau site.
CLI examples
Below, -e test or -e prod selects which Tableau environment to use based on your environment variables.
Test authentication only
python scripts/tableau_setup.py -e test -ta
This will sign in to the specified environment, print basic connection information, and exit without creating projects or changing any permissions.
List the projects
python scripts/tableau_setup.py -e test -lp
Audit projects (config vs server)
Shows a full outer join of projects in config (configs/top_level_projects.py) vs top-level projects on the server, plus whether each is in the protected list:
python scripts/tableau_setup.py -e test -ap
Output columns: project, in_config, on_server, protected. Use this to see what’s missing on the server (in config but not on server) and what exists only on the server (not in config).
Use --table to print projects (or groups) as a plain-text table (via tabulate) instead of a list. Table output is terminal- and log-friendly (e.g. Airflow):
python scripts/tableau_setup.py -e test -lp --table
Full setup (create projects, create groups, then apply permissions)
On a new or empty Tableau site, run in this order so that projects and groups exist before permissions are applied:
python scripts/tableau_setup.py -e test -cp -cg -aap
-cp(create projects) – creates top-level projects fromconfigs/top_level_projects.pyif they don’t exist.-cg(create groups) – creates groups fromconfigs/groups.pyif they don’t exist.-aap(add all permissions) – applies permissions fromconfigs/project_permissions.pyto those projects and groups. Requires projects and groups to already exist; if groups are missing on the server, you’ll see “group … not found on server; skipping” and no permissions will be applied for that project.
Add all permissions only (projects and groups already exist)
If projects and groups are already created (e.g. you ran -cp -cg earlier or created them in the Tableau UI):
python scripts/tableau_setup.py -e test -aap
Export existing site config to YAML
For a large existing site, you can export the current state (projects, groups, and permissions) to a YAML snapshot as a starting point for configs:
python scripts/tableau_setup.py -e prod -ec configs/export
This writes tableau_site_export.yml under configs/export/ with:
projects: id, name, description, parent_id, content_permissionsgroups: id, name, description/domain_name, minimum_site_role, license_modepermissions: for each area (project,workbook,datasource,flow,datarole,metric), a mapping ofproject -> group -> capabilities.
Inspect and remove All Users permissions
To see where the built-in All Users group has explicit project-level permissions:
python scripts/tableau_setup.py -e prod -lpau
Add --table to see a tabular view.
To remove all explicit permissions for All Users across all projects (leaving inheritance intact, and skipping virtual connections):
python scripts/tableau_setup.py -e prod -cpau
This removes explicit rules for the All Users group in the project, workbook, datasource, flow, and metric areas wherever they exist, so permissions fall back to inheritance/defaults.
Develop and contribute
Running tests
Install dev dependencies (pytest, pytest-cov, mypy, ruff), then run tests with coverage. Save your edits first—pytest runs against the saved files on disk.
pip install -e ".[dev]"
pytest tests/ -v --cov=src --cov-report=term-missing
mypy src scripts # optional: static type checking
ruff check . # optional: linting
Acknowledgments
Thanks to Panther Labs for permitting this code to be open sourced under the MIT license. The original implementation was developed while the author was employed at Panther. The company has kindly allowed it to be released for the community to use and extend.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file tableau_permissions-0.1.0.tar.gz.
File metadata
- Download URL: tableau_permissions-0.1.0.tar.gz
- Upload date:
- Size: 27.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
46784260e2d5cbb1d231f167b07946d263a3c7f6b6417b2bf416cc383f7a106d
|
|
| MD5 |
8cc6a9dd3f0f08cb433d399310075152
|
|
| BLAKE2b-256 |
f4fbac4f6dfc141284634ae9dad3a8175481f32beb40f39354e2e4dbe6cc8025
|
File details
Details for the file tableau_permissions-0.1.0-py3-none-any.whl.
File metadata
- Download URL: tableau_permissions-0.1.0-py3-none-any.whl
- Upload date:
- Size: 23.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
358fe266199a63adf90306a68895c7c186126e3767c3fee6a6047c2d712f407f
|
|
| MD5 |
95ab9c3c045b6494b261ccc8f5c95f33
|
|
| BLAKE2b-256 |
a67a8e89da67f6304ab4a1d4114222e1ac4614236c81dee62400f7f9b6d86b9e
|
