In modern analytics ,environments, dashboards are shared across teams, departments, and regions.But not every user should see every row of data. A regional manager should only see their region. A team lead should only see their team. A student should only see their own scores.

This is where RLS becomes essential .RLS ensures that each user sees only the data they are authorized to see, without requiring multiple versions of the same dashboard. One dashboard, many personalized views securely delivered.

What is RLS ?

Row-level security (RLS) in Tableau restricts the rows of data a certain user can see in a workbook.Row-level security enables two users viewing the same dashboard to see only the data each user is allowed to see.

Why we need RLS ?

• Relevance: Users see only what matters to them.

• Efficiency: One dashboard serves many audiences.

• Governance: Reduces duplication and manual maintenance.

•  Security: Prevents unauthorized access to sensitive data.

How does Row Level Security work?

High Level Process

This Determine the username ,Gets the Data only for that user and also filters the data by Entitlements .

Standard Row Level Security

This is the most “standard” model of Row Level Security possible in Tableau. It will work for both Live Connections and Multi-Table Extracts.

Open Tableau Cloud:

          If you are not signed to into Tableau Server or Tableau Online you may be prompted to do so. The window will open and ask you to enter your credentials.

RLS Dashboard Which i created in tableau desktop using sample store data .We can Open that dashboard for all users .

      Desktop Dashboard should opened in Tableau Server/Cloud .In the following method we should connect the Dashboard.

once the Server is connected , then Publish the Work book to server from Desktop

Include Name of the Dashboard to Publish in Cloud         

Published in Tableau Cloud .

     In this above dashboard , everyone from all region (Central,East,South,West) can see all data's now RLS method of security is we can restrict the data from users.

  Below image shows that how to give Security Access to particular level users . Sometimes you want to filter data based on the user that is requesting it.

For example:

• You want regional salespeople to see sales figures only for their region.

• You want sales managers to see statistics only for salespeople that report to them.

• You want students to see visualizations based only on their own test scores.

An approach to filtering data this way is called row-level security (RLS). There are multiple methods to accomplish row-level security both inside and outside of Tableau.

  Lets see how to implement RLS,    

Methods to Implement Row‑Level Security in Tableau

Tableau offers multiple ways to implement RLS, each suited for different data architectures. Below are the three most widely used approaches, based on Tableau’s official guidance and industry best practices.

• User Filters (Manual Mapping)

• Dynamic Row‑Level Security Using Calculated Fields

• Data Policies with Virtual Connections.

Lets explore how to create an RLS using above methods ,

User Filters (Manual Mapping)

This type of security is used in small team,

You manually map Tableau Server/Cloud users to allowed values (e.g., Region = East).

How it works:

• Create a User Filter in Tableau Desktop.

• Assign users to specific values.

• Publish the workbook.

Create a user filter

User-based filtering is one option to help secure your data source or workbook using RLS. This procedure is best for a small and fairly static set of users or groups, and only a small number of workbooks that need user filters.

1. In Tableau Desktop, open the workbook and connect to the data you want to filter.

2. Navigate to the worksheet that you want to apply a filter to.

3. Select Server > Create User Filter. Then select the field you want to use for filtering the view, such as Region.

4. In the User Filter dialog box, name the filter. We’ll use Region.

   
   

5. Select a user or group on the left, then indicate which values on the right they should be able to see. Repeat this process for each user or group and click OK when you’re done mapping users to values.

6. we have some geo-based data and we assign each user to their appropriate region, so only one user maps to any given row of data.

7. Row-Level Security (RLS) in Tableau Cloud ensures each user sees only the data they're authorized to view, even when accessing the same dashboard. It filters rows dynamically based on user identity, roles, or data policies.

8.Map the users need to give access for particular region .

9. The Mapping USER appears under measures in the Data pane. Just like your other fields, you can use it in one or more visualizations by adding it to the filters shelf: from the Data pane drag User Filter to the Filters shelf. In the Filter dialog box that opens, select True, and then click OK. Note: If you are not signed in to Tableau Server or Tableau Online, the True option is not visible. In Tableau Desktop, sign in to Tableau Server or Tableau Online to select it. In the lower right corner of Tableau Desktop is a user emulator, which allows us to see what the view will look like if a specific user sign in. You may toggle between some of the users and the view will be filtered to show only their relevant values.

Add User filter to the Filter. Once we add them we can see only allowed user can the particular Region wise data .

To Complete for all sheets and for users Right Click On filters --->Apply to Worksheets--->All Using This Data Source

After the Filter of users, Dashboard looks like  Region Central for Signed User ID which we gave the permission .

We should Publish this dashboard in tableau server/Cloud again after setting user filter with Users and Add/Edit permission depending on the Hierarchical level of the organization needs.

These are the method for User Filter in RLS .

we have some pro and cons for User filter .

Pros

• Easy to set up

• No data model changes

Cons

• High maintenance

• Must be repeated per workbook

• Risky if permissions aren’t locked down (users could remove filters)

Dynamic Row‑Level Security Using Calculated Fields

When the dataset already contains a user identifier (email, username, manager ID).

This method uses Tableau’s USERNAME() or FULLNAME() function to dynamically filter rows. By creating the Calculated field .

[Region] = LOOKUP_REGION_FOR(USERNAME())

Or a simple match:

[Email] = USERNAME()

We can deep drive in upcoming blog . About the Dynamic RLS Method and Data Policies with Virtual Connections.

Conclusions

Row-Level Security in Tableau is an essential feature for organizations looking to manage sensitive data effectively while providing tailored access based on user roles. By employing a combination of user filters, dynamic calculated fields, and centralized data policies, businesses can ensure that their data governance strategies are robust and compliant with privacy standards.

Reference :

https://www.phdata.io/blog/empowering-data-security-exploring-row-level-security-in-tableau/

https://help.tableau.com/current/online/en-us/rls_options_overview.html