Wednesday, April 24, 2013

Tableau Server 8 Danger - inadvertent Site Administrator assignment

A Tableau Server Site Administrator has great power within his or her Site. In the wrong hands this power can cause great harm.

It's not a good idea to assign Site Administrator privileges other than to specific, responsible, knowledgeable Users who know what they're doing and can be trusted to do as little harm as possible.

Assigning Site Administrator privileges should be a deliberate conscious act, one with a higher burden of awareness and positive confirmation than is present in the simple act of registering an ordinary Interactor or Viewer. It would be very, very helpful if Tableau Server provided a secondary "are you sure" prompt in response to Site Administrator assignment, much like destructive operations like deleting worksheets require. (oh, wait, Tableau Desktop 8 doesn't do this any more - but that's another post)

It's a problem, then, that Tableau Server sometimes provide the opportunity for Site Administratorship to be assigned to a new User as a side effect of adding that User to a Site.

This is very bad.

Here's the scenario.

In an Active Directory authentication enabled Tableau Server installation, when adding a new User (Interactor only) to a Site the current admin mis-identifies the User. Tableau Server, unable to validate the user against Active Directory, returns an error message to that effect and provides the admin the opportunity to correct the User's AD name and resubmit. Upon doing so, with the name now correct, Tableau Server goes ahead and registers the User.

Only now the User is a Site Administrator.

How can this be? The admin did nothing positive to cause this to happen.

The fault is Tableau Server's. Upon presenting the "could not be added" error message to the admin, Tableau Server has, for reasons unknown, toggled the "Site Administrator" check box to active. This selection, being outside the admin's attention area, has a very high likelihood of being overlooked, thus causing the inadvertent assignment of Site Administrator to the new User.

Anticipating the "but the admin should be paying attention" claim that there's nothing really wrong here: sorry, but that's not a valid position.

Here are the screen shots showing the events.

Adding a User

User Not Added - Name Not Legitimate

Correct the User Name

User Added to Site as Site Admin - not as intended

 

No comments:

Post a Comment