Initial SQL
Initial SQL for User Impersonation enables Tableau to execute SQL commands at connection time that pass the authenticated user's identity to Kyvos, allowing Kyvos to enforce personalized row-level security and data access policies. When Tableau connects to Kyvos, Initial SQL can set session variables or execute stored procedures that communicate the current user's credentials, ensuring that Kyvos applies the correct security context for each user. This approach is particularly valuable in enterprise environments where a service account connects to Kyvos, but each Tableau user needs their own data permissions enforced. Initial SQL bridges the gap between Tableau's authentication and Kyvos' security model, maintaining granular access control without requiring each user to authenticate directly. By implementing user impersonation through Initial SQL, organizations can achieve centralized security management in Kyvos while simplifying connection management in Tableau Server or Online.
To connect Tableau Desktop to Kyvos using Kerberos SSO, perform the following steps:
Launch Tableau Desktop.
Select the Kyvos connector from the Connector list.
Provide connection details in the General tab.
Now, go to the Initial SQL tab, provide the initial SQL script for user impersonation, and click Sign In.
Script: EXECUTE AS USER = [TableauServerUser] WITH NO REVERT;
Choose the required Schema and Table.
Create a visualization as needed.
Go to the Server menu and choose Publish Data Source.
Provide the data source Location and Name. Set the authentication to Server Run As Account. Also, select Maintain connection to a live data source and click Publish.
Now, you will be redirected to a published data source on Tableau Cloud or Server and notified that the data source has been published successfully.
Click New and choose the Workbook Using This Data Source option.
Create a visualization as needed.
The username used to execute the query on Kyvos is displayed. Because the Initial SQL is applied, the query is executed as the signed-in Tableau Cloud or Server user.
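A pre-publication check for the procedure above, as an added example that is not part of the original page or of Kyvos or Tableau code: because the data source is published with the Server Run As Account, a connection whose Initial SQL is missing or names a fixed user would not run queries under each Tableau user's own permissions. It assumes the data source is saved as .tds XML with the Initial SQL held in the connection element's one-time-sql attribute; the connection class names, user name and sample XML are constructed.

```python
import re
import xml.etree.ElementTree as ET

# The statement from the Initial SQL step, matched loosely on case and spacing.
STATEMENT = re.compile(
    r"EXECUTE\s+AS\s+USER\s*=\s*(\[[^\]]*\]|'[^']*'|\S+)\s+WITH\s+NO\s+REVERT",
    re.IGNORECASE,
)
EXPECTED_PARAM = "[TableauServerUser]"

# Constructed sample data source; class names are placeholders, not real connectors.
SAMPLE_TDS = """<datasource>
 <connection class='federated'><named-connections>
  <named-connection name='a'><connection class='example-a'
    one-time-sql='EXECUTE AS USER = [TableauServerUser] WITH NO REVERT;'/></named-connection>
  <named-connection name='b'><connection class='example-b'
    one-time-sql="EXECUTE AS USER = 'analyst1' WITH NO REVERT;"/></named-connection>
  <named-connection name='c'><connection class='example-c'
    one-time-sql='SET ROLE reporting;'/></named-connection>
  <named-connection name='d'><connection class='example-d'/></named-connection>
 </named-connections></connection>
</datasource>"""

def audit_initial_sql(tds_xml):
    """Return (connection class, verdict) for each non-federated connection."""
    results = []
    for conn in ET.fromstring(tds_xml).iter("connection"):
        cls = conn.get("class", "")
        if cls == "federated":          # wrapper element, carries no Initial SQL
            continue
        sql = (conn.get("one-time-sql") or "").strip()  # assumed attribute name
        match = STATEMENT.search(sql)
        if not sql:
            verdict = "no-initial-sql"      # queries run as the connecting account
        elif not match:
            verdict = "no-impersonation"    # Initial SQL present, no EXECUTE AS
        elif match.group(1) != EXPECTED_PARAM:
            verdict = "hard-coded-user"     # every viewer would run as one fixed user
        else:
            verdict = "ok"
        results.append((cls, verdict))
    return results

if __name__ == "__main__":
    for cls, verdict in audit_initial_sql(SAMPLE_TDS):
        print(f"{cls}: {verdict}")
```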