EDIT: 20-April-2016: About 2.5 years ago I warned you that that they could go away….Well, in 9.3, they went away in a default configuration of the Server. Sorry. More info here, but you probably don’t want to use these techniques any more: http://kb.tableau.com/articles/knowledgebase/xml-endpoints-no-longer-available
…A continuation of Tableau Server XML Information Files
Before you can ask for one of these juicy XML files, you must authenticate against the server. There are three ways to do so:
- Quick and dirty: Login via the browser
- Scripted: Write a simple batch file or script to do the work
- Fancy: Write Ruby / Python / C# / whatever code to login
It’s important to note that the identity you login with (authentication) has a huge impact on what you can see and do (authorization).
For example, if I login as an Administrator I can hit all of the “admin-ish” pages and files to do things like:
- Get a list of sites on my server (/sites.xml)
- See the collection of data connections (/data_connections.xml) on the box
As a “regular” user, if I try to view some of this stuff, I’ll get the brush off:
If I ask for the XML file, it’ll simply be empty.
Here’s the really important bit: The identity you’ve logged in with will automatically modify a file’s content. If you login as Moe and ask for workbooks.xml, the file will list only the workbooks Moe has permissions to see. Login as Larry and ask for datasources.xml? It’ll contain the data sources that Larry has permissions to consume.
Exciting or surprising? No. Useful? Oh yes.
This behavior will allow you to determine per-user permissions on workbooks, data sources, and views.
How? Login as the user in question, ask for the file and you’re done.
Problem / Objection #1
Don’t have the password for each user account on your Server? (It actually would be a little scary if you did)
No worries. Drop a different “dummy user” with a password you DO know into each Tableau Group that your users are a part of. Login as the appropriate dummy user, get your file, and you should be looking at the same list that the “real” user would return.
Problem / Objection #2
You don’t use groups, you say? You’re a fan of the “willy-nilly, per-user permissioning, make-my-life-hard” technique? Well shame on you. Don’t do that.
Don’t worry, though. I still have a solution for you. It is more difficult to implement, but since you like doing things the hard way anyway, it’ll be more of the same. Details in a few paragraphs.
Scripted Logins
We won’t bother discussing how to login to Tableau Server. Let’s get right to “scripted logins”.
Using TabCmd, you can login as any user and then use the get command to grab the file of your choice. These steps can be added to a batch file or scripted, of course:
You can also get more fancy. This technique is more complex but is useful because it allows you to “impersonate” any user and get a file which is “modified” based on their identity. “Objection #2” people will want to read up.
- Configure Trusted Authentication on Tableau Server
- Configure Tableau Server to trust the IP address or hostname from where you’ll be running your scripts
- Configure Tableau Server to use Unrestricted Tickets. You must do this or you will be unable to request the XML files without a Permissions Denied error
After you’ve taken care of the configuration, you can use a tool like cURL to both request a trusted ticket from Tableau as any user, and then use the ticket to retrieve the file you want.
First, request a ticket, which authenticates the user “russch” on the Tableau Server “wintableau”:
Note the ticket which got returned (fplnW19….)
Then, use CURL to request the view that you want using the ticket.
- Parameter –L allows for redirects (necessary)
- Parameter –c allows cURL to save a cookie, which is necessary for authentication to work correctly
- Parameter –o stores the file to your file system
In case you can’t see the image above, the command-line is:
curl http://winTableau/trusted/<ticket>/views.xml -L -c c:tempcookies.txt -o c:tempviews.xml
Here’s everything put together:
AND, just because I like you, how about a nice little batch file that does the same thing automatically (copy/paste into a notepad and save as “something.bat”:
FOR /f %%A IN (‘curl -d “username=russch” http://wintableau/trusted’) DO SET FOO=%%A
curl http://winTableau/trusted/%FOO%/views.xml -L -c c:tempcookies.txt -o c:tempviews.xml
Let’s get fancy
You can also write code which handles authenticating against Tableau Sever, requesting the file you want, and writing it to your file system. You’ll need to understand how crypto works and how to use the crypto libraries supported by your development platform of choice, so this approach is not for the meek. Here are three GREAT examples of logging into Tableau Server and requesting a document:
Tamas Foldi (the father of Tableau hacking) does Ruby:
Github Gist: https://gist.github.com/tfoldi/5450418
Atilla Horvath does Java:
Github repo: https://github.com/horvathattila/TableauServerWebserviceAuth
Ingvar Ljosland does C#:
http://community.tableausoftware.com/docs/DOC-5251
And there you have it. You now know how to authenticate against Tableau Server using 3 different techniques and you also know how to ask for stuff.
In the next post, we’ll actually address what the “stuff” is.