Tableau Lineage Scanner
Scanned and supported objects
|
While we strive for comprehensive lineage capture, certain dataflows and transformations might be incomplete or unavailable due to technical constraints. We continuously work to expand coverage and accuracy. |
Supported version
The scanner supports only Tableau Cloud and therefore the current version (Tableau 2023.3).
Scanned resources
The extracted metadata includes the following objects:
-
Site: Name, ID.
-
Project: Name, ID.
-
Workbooks: Name, ID, URI.
-
Data source: Name, ID, container name, description. Includes embedded and published data sources.
-
Fields: Name, ID, qualified name, description. Includes fields directly defined within the sheet and those belonging to another entity.
-
Calculated fields: Formula, list of fields that it is derived from.
-
Column fields: Fully qualified name, list of database columns the field is mapped to.
-
-
-
Sheets: Name, ID, path. Includes fields referenced on the sheet.
-
Dashboard: Name, ID. Includes fields referenced on the dashboard and lineage between the dashboard and sheets referenced from it. For each column field in a workbook, information about the database, tables, and columns they are mapped to is also retrieved.
-
Databases: Name, ID, connection type.
-
Tables: Name, ID, connection type.
-
Columns: Name, ID.
-
-
-
CustomSQLTable: Name, ID, query.
-
Supported connectivity
-
Connector type: REST API and Metadata API (GraphQL).
-
Authentication method: Username and Personal Access Token (PAT).
Tableau permissions
In Tableau, the following permissions must be configured for the user you are authenticating with:
-
You need to have permission to call the Tableau Metadata API. See the official Tableau documentation.
-
At minimum a Viewer role assigned, ideally Administrator or Explorer. Keep in mind that having a role with lower level permissions can result in an incomplete scan. Ideally, the assigned role should be Administrator or Explorer instead.
-
You can only retrieve assets (such as projects, workbooks, data sources) if you have View capabilities or higher assigned on them. For details, see the official Tableau documentation: View capabilities.
-
You have a valid Personal Access Token or you have set up a Connected App.
Scanner configuration
All fields marked with an asterisk (*) are mandatory.
| Property | Description |
|---|---|
|
Unique name for the scanner job. |
|
Specifies the source type to be scanned.
Must contain |
|
A human-readable description of the scan. |
|
List of Ataccama ONE connection names for future automatic pairing. |
|
Tableau Cloud admin (REST) API URL.
|
|
Name of the site you want to scan. |
|
Tableau service account token. For instructions about how to create tokens, see the official Tableau documentation: Service Account Tokens and Personal Access Tokens. |
|
Name of the access token. |
|
Version of the API to perform REST and GraphQL calls. See Fundamentals of the Tableau Server REST API. |
|
Path where the sign-in REST request is performed. See Signing In and Signing Out (Authentication). |
|
URL to send REST calls to.
Currently, the default value ( |
|
List of projects that you want to scan. |
{
"scannerConfigs": [
{
"name": "TableauJobAta1",
"sourceType": "TABLEAU",
"description": "Scan Tableau platform",
"oneConnections": [
"Tableau connection",
"Other Tableau connection"
],
"inputDataCatalogFilePath": null,
"serverUri": "https://prod-useast-b.online.tableau.com",
"site": "asite",
"baseRestApiPath": "api/3.21",
"signInPath": "api/3.21/auth/signin",
"graphqlPath": "relationship-service-war/graphql",
"tokenName": "@@ref:ata:[TABLEAU_TOKEN_NAME]",
"accessToken": "@@ref:ata:[TABLEAU_ACCESS_TOKEN]"
}
]
}Was this page useful?