User Setup

To enable Bigeye to connect to Tableau and retrieve data lineage, you will need to create a dedicated user, configure permissions, and set up authentication.

Bigeye supports three authentication methods:

---

1. Create a Tableau User and Group

1. Create a new user, for example:
   • Username: bigeye_lineage_user
2. Add this user to a group, for example:
   • Group name: BigeyeGroup

Note: Usernames and group names may be used interchangeably in the steps below.
Example project folder name: Tableau Samples.

---

2. Understand Project Folders

Tableau displays a list of Project Folders, where Workbooks, Views, and Data Sources are stored. Permissions must be configured at the Project Folder level or the Workbook level depending on your access strategy.

---

3. Configure Project-Level Permissions

1. Navigate to the Project Folder (e.g., Tableau Samples).
2. Click on Permissions.
3. Assign permissions to the group (e.g., BigeyeGroup):
   • View
   • Download Workbook

When permissions are locked to the project, these permissions apply to all workbooks within the folder.

---

4. Configure Workbook-Level Permissions (Optional)

If the project is set to Managed by the Owner rather than locked:

1. Each workbook must be configured individually.
2. For each workbook, assign the following permissions to the user or group:
   • View
   • Download Workbook

---

5. Configure Authentication

Choose one of the following authentication methods.

Option A: Personal Access Token (Default)

1. Log in to Tableau Server or Tableau Cloud as the dedicated user (bigeye_lineage_user).
2. Click your profile icon in the top-right corner.
3. Navigate to My Account Settings.
4. Under the Personal Access Tokens section:
   • Click Create new token.
   • Enter a descriptive token name (e.g., bigeye_token).
   • Click Create.
5. Copy the generated Token Name and Token Value.
   • The token value is shown only once. Save it securely for use in Bigeye.

During Bigeye agent setup, select Personal Access Token as the authentication method and provide the token name and token value.

Option B: JWT — Connected App

Connected Apps let you authorize machine-to-machine access using a JSON Web Token (JWT) signed with a shared secret. No per-user token is required.

Step 1: Create a Connected App in Tableau

1. Sign in to Tableau Server or Tableau Cloud as a Server Administrator (Server) or Site Administrator (Cloud).
2. Navigate to Settings > Connected Apps.
3. Click New Connected App and select Direct Trust.
4. Enter an app name (e.g., Bigeye Lineage).
5. Click Create.

Step 2: Generate a Secret

1. On the Connected App detail page, click Generate New Secret.

2. Record the following three values:

   Value	Description
   Client ID	Displayed on the Connected App detail page
   Secret ID	Shown after generating the secret
   Secret Value	Shown only once — copy and store it securely

Step 3: Enable the Connected App

1. On the Connected App detail page, set the app status to Enabled.

Step 4: Configure Bigeye

During Bigeye agent setup, select JWT (Connected App) as the authentication method and provide:

• Username — the email address of the Tableau user Bigeye should act as (e.g., [email protected]). This user must have the permissions configured in sections 3–4 above.
• Client ID — from Step 2.
• Secret ID — from Step 2.
• Secret Value — from Step 2.

Note: The JWT token Bigeye generates is scoped to tableau:content:read and expires after 5 minutes. A fresh token is generated automatically for each API session.

Option C: Username and Password

For environments where neither Personal Access Tokens nor Connected Apps are available, you can authenticate with a username and password directly.

During Bigeye agent setup, select Username and Password and provide the credentials for the dedicated Tableau user.

Warning: Username and password authentication does not support multi-factor authentication (MFA). If MFA is enabled for the user, use one of the token-based methods instead.

---

Configuration Parameters

The following fields can be configured:

General:

• tableau.basefolder
• tableau.file.encoding (default: ISO-8859-1)
• metacenter.url
• tableau.extract.file
• tableau.server.url
• tableau.server.site.name
• tableau.server.name
• tableau.version
• tableau.server.version

Authentication — Personal Access Token:

• tableau.server.use.personal.token — set to Yes to use PAT authentication
• tableau.server.personal.token.name
• tableau.server.personal.token.secret.password

Authentication — JWT (Connected App):

• tableau.server.use.jwt.auth — set to Yes to use JWT authentication
• tableau.server.username — email address of the Tableau user to act as
• tableau.server.jwt.client.id
• tableau.server.jwt.secret.id
• tableau.server.jwt.secret.password
• tableau.server.jwt.secret.password.encrypted — set to true if the secret value is encrypted

Authentication — Username and Password:

• tableau.server.username
• tableau.server.password

Filtering:

• tableau.projectfolder.include
• tableau.projectfolder.path.include
• tableau.projectfolder.match.path
• tableau.projectfolder.exclude
• tableau.workbook.include
• tableau.workbook.exclude

---

Summary of Steps

1. Create a user (e.g., bigeye_lineage_user).
2. Add the user to a group (e.g., BigeyeGroup).
3. Assign project-level permissions (View, Download Workbook).
4. If needed, assign workbook-level permissions when not locked at the project level.
5. Configure authentication using one of:
   • Personal Access Token — generate a token from My Account Settings.
   • JWT (Connected App) — create a Connected App, generate a secret, and provide the Client ID, Secret ID, and Secret Value.
   • Username and Password — provide credentials directly.