/
Leveraging Kyvos Security Model

Leveraging Kyvos Security Model

Kyvos’s security model encompasses row-level security (RLS), column-level security, and data access policies defined within the Kyvos semantic layer. When Tableau connects live to Kyvos, these security policies are automatically enforced based on the authenticated user's credentials, ensuring users only see data they're authorized to access. This security inheritance eliminates the need to replicate security logic in Tableau, maintaining a single source of truth for data governance. By using "Prompt User" authentication while publishing on Tableau server/cloud, each user's individual permissions are respected, providing personalized and secure data access without manual configuration in Tableau.

To set data security rules, perform the following steps.

  1. Open Data Security rule in the semantic model.

    image-20251008-170636.png

  2. Create a new rule to restrict access. For example, here, the Country is restricted to India only.

    image-20251008-170942.png

  3. Assign that rule to the required user’s ID and click Save.

    image-20251008-171103.png

  4. Now, verify that rule on Tableau by making a connection with the same semantic model and try to use Country in the visualization.

    image-20251008-171252.png

  5. To publish to the Tableau Server, go to Server > Publish Workbook.

  6. In the Publish dialog box, locate the Data Sources section and select Authentication: Prompt user.
    NOTE: Do not use embed passwords or service account. This ensures each viewer authenticates with their own Kyvos credentials.

  7. Click Publish.

  8. Open the published workbook and enter your credentials when prompted. You can now view only authorized data.

Copyright Kyvos, Inc. 2025. All rights reserved.