Tableau Personal Access Token
Service Name: Tableau
Service Description: Tableau is a visual analytics platform that helps people see and understand data. It provides interactive data visualization software focused on business intelligence.
Service Address: https://www.tableau.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Tableau Server level through trusted authentication and site SAML settings.
Secret Access Scope: Grants programmatic access to Tableau Server or Tableau Online REST API, allowing users to perform operations such as publishing workbooks, extracting data, and managing users without requiring manual login.
Secret Revokement URL: https://help.tableau.com/current/server/en-us/security_personal_access_tokens.htm
Secret Example: tps_2ABCDEfghijkLMNOPqrstuvwxyz1234567890abcdefghiJKLMNopqRSTUVwxyz12==
Suspicious Activity Investigation Instructions:
- Review Tableau Server administrative views for unusual API access patterns
- Check Tableau Server logs for unexpected API calls or high volumes of requests
- Monitor for unauthorized workbook publications or data extractions
- Examine access times and IP addresses for anomalous patterns
- Review any changes to permissions or content ownership
Mitigation Instructions:
- Log in to Tableau Server or Tableau Online as an administrator
- Navigate to the user's profile settings
- Select the "Settings" tab
- Locate the "Personal Access Tokens" section
- Click "Delete" next to the compromised token
- Create a new token with appropriate permissions if needed
- Review and update the user's permissions if necessary
- Consider implementing token expiration policies for future tokens
- Document the incident and update security protocols as needed