Quick Permissions Methods in tableau_rest_api 1.5.1+

The Tableau REST API let’s you programmatically set any permissions, and the functionality has been built into the tableau_rest_api library for a long time now . The link is definitely recommended reading to start, but I’ll do a quick run through here as well.

Permissions on an object (project, workbook, or data source) for a given User or Group are represented by XML tags named GranteeCapabilities. Because of this, there is an GranteeCapabilities object in the tableau_rest_api library which represents the single permissions for one User or Group. You can assign a whole set of GranteeCapabilities to a server object at once; to do this in tableau_rest_api, you create a list of GranteeCapabilities objects. Here’s a quick example (t is a TableauRestApi object created earlier)


group1_luid = t.query_group_luid_by_name(u'Group 1')
caps1 = GranteeCapabilities(u'group', group1_luid)
caps1.set_capability(u'View', u'Allow')
caps1.set_capability(u'Filter', u'Allow')

group2_luid = t.query_group_luid_by_name(u'Group 2')
caps2 = GranteeCapabilities(u'group', group2_luid)
caps2.set_capability(u'View', u'Allow')
caps2.set_capability(u'Filter', u'Deny')

gcaps_list = [caps1, caps2]
project_luid = t.query_project_luid_by_name(u'My Project')
t.add_permissions_by_gcap_obj_list(u'project', project_luid, gcaps_list)

You may notice something that is a pain — you have to set all the capabilities for each group and user one by one. Starting in tableau_rest_api 1.5.1, there is a new method called set_capabilities_to_match_role(role_name) which lets you specify the same role names that are available in the Tableau Server UI (Viewer, Interactor, Editor, etc.) This sets the capabilities to match exactly what would be available if you selected it in the UI. You can then customize from there by using the set_capability method. There are also set_all_to_allow and set_all_to_deny methods which are self explanatory.

So instead of the previous you might do


group1_luid = t.query_group_luid_by_name(u'Group 1')
caps1 = GranteeCapabilities(u'group', group1_luid)
caps1.set_capabilities_to_match_role(u"Interactor")
caps1.set_capability(u'Web Edit', u'Deny')
gcaps_list = [caps1, ]  # Syntax for creating list with 1 item
project_luid = t.query_project_luid_by_name(u'My Project')
t.add_permissions_by_gcap_obj_list(u'project', project_luid, gcaps_list)

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s