Cloud Portal ONE Desktop ONE DQ&C ONE MDM ONE RDM ONE Runtime Server
latest (16.1.0) 16.0.0 15.4.0 15.3.0 15.2.0 15.1.0 14.5.x 13.9.x 13.8.x 13.7.x 13.6.x 13.5.0 13.4.x 13.3.x 13.2.x
User Community Service Desk Downloads

Tableau Lineage Scanner

The Tableau scanner can read metadata from two sources:

  • GraphQL: Lets you read most details about the relationships between the entities in Tableau.

  • REST API: Lets you retrieve complex formulas used in column calculations.

The scanner supports only Tableau Cloud and therefore the current version (Tableau 2023.3).

What is extracted from Tableau?

Using GraphQL

The following metadata can be extracted:

  • Site - Name, ID.

  • Project - Name, ID.

  • Workbooks - Name, ID, URI.

    • Data source - Name, ID, container name, description. Includes embedded and published data sources.

      • Fields - Name, ID, qualified name, description. Includes fields directly defined within the sheet and those beloging to another entity.

        • Calculated fields - Formula, list of fields that it is derived from.

        • Column fields - Fully qualified name, list of database columns the field is mapped to.

    • Sheets - Name, ID, path. Includes fields referenced on the sheet.

    • Dashboard - Name, ID. Includes fields referenced on the dashboard and lineage between the dashboard and sheets referenced from it. For each column field in a workbook, information about the database, tables, and columns they are mapped to is also retrieved.

    • Databases - Name, ID, connection type.

      • Tables - Name, ID, connection type.

        • Columns - Name, ID.

    • CustomSQLTable - Name, ID, query.

Using REST API

It is possible to fetch an XML file (.twb) that holds metadata of all entities present within a workbook. In this case, the scanner can extract detailed information about computations of calculated fields, more specifically, formulas and a list of fields that these formulas use.

In comparison, the lineage retrieved using GraphQL adopts a flattened structure by default. This poses challenges in extracting such information directly from the lineage.

Permissions and security

In Tableau, the following permissions must be configured for the user you’ll be authenticating with:

  • You need to have permission to call the Tableau Metadata API. For details, see the official Tableauu documentation: Tableau Meta API permission.

  • You need at minimum a Viewer role assigned, but keep in mind this can result in an incomplete scan. Ideally, the assigned role should be Administrator or Explorer instead.

  • You can only retrieve assets (such as projects, workbooks, data sources) if you have View capabilities or higher assigned on them. For details, see the official Tableauu documentation: View capabilities.

  • You have a valid Personal Access Token or you have set up a Connected App.

Scanner configuration

All fields marked with an asterisk (*) are mandatory.

Property Description

name*

Unique name for the scanner job.

sourceType*

Specifies the source type to be scanned. Must contain TABLEAU.

description*

A human-readable description of the scan.

oneConnections

List of Ataccama ONE connection names for future automatic pairing.

requestUrl*

Tableau Cloud admin (REST) API URL.

  • Production (US): http://prod-useast-b.online.tableau.com/

  • Production (Europe): http://prod-uk-a.online.tableau.com/prod-uk-a.online.tableau.com/

  • Production (AU): https://prod-apsoutheast-a.online.tableau.com/

site*

Name of the site you want to scan.

accessToken*

Tableau service account token. For instructions about how to create tokens, see the official Tableau documentation: Service Account Tokens and Personal Access Tokens.

tokenName*

Name of the access token.

signInUrl*

Path where the sign-in REST request is performed. To learn more, see the official Tableau documentation: Signing In and Signing Out (Authentication).

apiUrl*

Version of API to perform REST and GraphQL calls. To learn more, the official Tableau documentation: Fundamentals of the Tableau Server REST API.

requestUrl*

URL to send REST calls to. To learn more, the official Tableau documentation: Fundamentals of the Tableau Server REST API.

projects

List of projects that you want to scan.
Tableau scanner example configuration
{
   "scannerConfigs":[
      {
         "name":"TableauJobAta1",
         "sourceType":"TABLEAU",
         "description":"Scan Tableau platform",
         "oneConnections":[
            "Tableau connection",
            "Other Tableau connection"
         ],
         "inputDataCatalogFilePath":null,
         "url":"prod-useast-b.online.tableau.com/",
         "site":"asite",
         "apiUrl":"api/3.21/",
         "signUrl":"auth/signin",
         "requestUrl":"relationship-service-war/graphql",
         "tokenName":"@@ref:ata:[TABLEAU_TOKEN_NAME]",
         "accessToken":"@@ref:ata:[TABLEAU_ACCESS_TOKEN]"
      }
   ]
}

Limitations

Currently, metadata cannot be extracted for the following Tableau assets:

  • Projects within projects

  • Custom SQL tables

FAQ

  1. How long does it take to scan lineage from Tableau Cloud containing 50 workbooks?

    If you are using GraphQL to scan, it should take about 40 minutes.

Was this page useful?