# Tableau Tutorial for Beginners: Tableau Server & Tableau Online Permissions: Part 1 > This is content from just-tim, the data-and-analytics channel by Tim Ngwena (formerly 'Tableau Tim'). Tim has 12+ years of hands-on BI experience and covers Tableau most of all, plus Power BI, Looker, Hex, SQL and data modelling, the analytics industry, and the craft of doing the job — always tool-agnostic and honest about the trade-offs. - **Author:** Tim Ngwena (just-tim, https://just-tim.com/about) - **Published:** 2021-09-24 - **Format:** Video · 1819 min watch · transcript available - **Topics:** Tool strategy, Analytics - **Tools:** Tableau (cloud, permissions, server) - **Canonical:** https://just-tim.com/posts/tableau-tutorial-for-beginners-tableau-server-tableau-online-permissions-part-1 - **Watch:** https://www.youtube.com/watch?v=AfT-_sJS7Sg I cover the fundamentals of Tableau Server and Tableau Online permissions, walking through roles from server admin down to viewer, how to apply permissions to projects and content, and how Tableau evaluates effective permissions. This is part one of a series, so I'm asking for comments to shape where part two goes. ## Key takeaways - Roles set the foundation for permissions, ranging from server admin and site admin down through project owners, content owners, explorers and viewers, with each tier having a defined scope of access. - Permissions can be applied either when publishing content or by placing content in a folder so it inherits that project's permissions, and you can lock permissions to a project to propagate them down to all content and nested projects. - Tableau evaluates effective permissions in a strict order: capability outside role, admin/project leader, content owner, then denied/allowed at user level before group level, with no permissions defaulting to denied. - Because Tableau checks denial first in the flow, hitting deny for all users blocks everyone even if you later grant a group access; using the 'none' template instead is safer since the default outcome is still denied. - Each content type (projects, workbooks, data sources, flows, metrics) exposes a different permissions matrix, and the 'set permissions' or 'administer' capability is dangerous as it lets users change their own access. ## Chapters - 0:00 Introduction and series intro - 1:13 What permissions and roles mean - 2:06 Roles from server admin to viewer - 3:33 Projects, nested projects and content owners - 6:48 Applying permissions and the permissions window - 8:51 Locking permissions to a project - 9:50 View and save options, adding groups - 12:08 Testing effective permissions - 13:38 How Tableau evaluates the permissions flow - 17:36 None versus denied explained - 20:11 The advanced permissions workflow - 24:36 Content-specific permissions: data sources and workbooks Watch the full video, read the transcript and use chapter deep-links on the page: https://just-tim.com/posts/tableau-tutorial-for-beginners-tableau-server-tableau-online-permissions-part-1 --- just-tim — Data and analytics, with a point of view. · https://www.youtube.com/channel/UC7HYxRWmaNlJux-X7rNLZyw · https://twitter.com/TableauTim · https://www.linkedin.com/in/timngwena