The article explains how Data Access Management (DAM) for Tableau works in OvalEdge. This feature makes it easy for organizations to sync and view various Projects and Reports present in a Site, check out various permissions assigned to Groups and Users on them, and capture an audit log of all entries. The DAM varies from one connector to another based on its functionality.
Data Access Management
The Data Access Management submodule controls all Access Management operations at the OvalEdge level.
In order to enable the Data Access Management for the Tableau connector, refer the Data Access Management knowledge base article.
Crawl
Data Access-enabled crawling is divided into ‘Crawl Site Groups, Users and Permissions’ and ‘Crawl Project’s Permissions.’
Crawl Site Groups, Users and Permissions: Crawl Site Groups, Users, and Permissions enables Data Access Admins to fetch groups, users, and their associations of a site from the data source.
Crawl Project’s Permissions: Crawl Project's Permissions enables Data Access Admins to fetch project permissions and various types of reports associated with this site's groups and users.
Schedule: The crawling of Site Groups, Users and permissions, and Project Permissions can be scheduled according to defined timelines.
Grouping of sites by instance
The created sites are grouped in the Data Access module according to their associated server instance, shown in a hierarchical tree view on the left side of the page. The tabs displayed for each instance level vary depending on the site type.
For Tableau, the Sites tab lists all sites hosted under this instance. Sites are visible in addition to the Instance Details.
Instance Details
The ‘Instance Details’ tab acts as an instance-level landing page.
Instance Summary:
The ‘Instance Summary’ tab under this section lists all the parameters used to establish that particular connection. Some parameters, such as Token Name and Token are editable, while others such as Hostname, Tableau API Version are not editable. Organizations can choose to configure access to specific sites, with corresponding specific tokens.
Data Access Admins
Data Access Admins display a list of all Data Access Administrators associated with different sites in the instance.
Sites
The ‘Sites’ tab displays the list of all the sites in this instance, with additional information.
- Connector Name: Name of the specific connector.
- Sites: Name of the specific site.
- Total User Count: Total number of users who have access to the specific site
- Site Administrators: The administrators of the specific site
- Status: Status of the corresponding Site, whether active or inactive
- Web Authoring: Web Authoring capability for a site has been enabled or not is displayed here.
- Extract Encryption: This field displays whether encryption of all extracts in the current site has been enforced or not.
Site Level
The following tabs are displayed for each site level. Navigate to a site under each server instance in the left-side hierarchical Data Access Management grouping.
Connector Details
The ‘Site Details’ tab acts as the site-level landing page.
Below are its listed sub-tabs:
Summary
Data Access Admins (DAA) can manage various settings for a connector on the Site Summary page. This Site’s Data Access Administrator roles can also be defined here.
- Enable Access Management & Sync Tableau Permissions with OvalEdge Permissions:
This setting can be utilized to allow or not sync and map various Tableau’s Data object permissions with corresponding permissions in OvalEdge.
Permissions
The Permissions tab displays the mapping of different Projects/Reports permissions of the data source to OvalEdge-specific permissions.
For example, VIEW permission on a Tableau corresponds to Meta Read Data No Access in OvalEdge.
Site Groups: This displays the list of groups in the current site, the minimum site role granted to each group, and the users associated with each group, which is retrieved from the data sources when crawling is performed.
Site Users: This displays the list of users in the current site along with the site role and groups associated with each user, which is retrieved from the data sources when crawling is performed.
Projects: This displays the list of projects in the current site along with the associated permissions on groups and users retrieved from the data source when crawling is performed.
Reports: This displays the list of various types of reports on the current site, along with the type of report such as Workbooks, Views, Data Source, and the associated permissions present with groups and users. The list is retrieved from the data source when crawling is performed.
Data Access Audit
Data Access Audit displays the audit trail of any actions taken from the Data Access module, whether adding, updating, or deleting. OvalEdge captures fields like the timestamp of an action, the specific user who has taken the action, and a brief description of the action.
The displayed fields are as follows:
- Instance: Here, the logs are captured when the creation, updation, or deletion of instances occurs within Data Access Management. It also records the username of the person who performed the action and the action's timestamp.
- Site Groups: Here, the logs are captured when a group is added/deleted/updated in the source system after a crawl is completed. The log also records the user's name and the action's timestamp.
- Site Users: Here, the logs are captured when a user is added/deleted/updated in the source system after completing a crawl. The log also records the user's name who performed the action and its timestamp.
- Project Permissions: Here, the logs are captured when a group or user gets any permission(s) added/modified/deleted on a project in the source system after completing a crawl. It also records the name of the user who acted and the action's timestamp.
- Report Permissions: Here, the logs are captured when a group or user gets any permission(s) added/modified/deleted on a report in the source system after completing a crawl. The log also records the user's name who performed the action and the action's timestamp.