When configuring Tableau Server on a Windows system, why is it important to use a dedicated ‘Run As’ service account rather than a regular user account?
A. To ensure that Tableau Server has unlimited administrative access to all system resources
B. To provide Tableau Server with the necessary permissions while limiting its access to only what is required for operation
C. To allow all users on the network to have administrative access to Tableau Server
D.
To enable automatic installation of updates for Tableau Server without manual intervention
B. To provide Tableau Server with the necessary permissions while limiting its access to only what is required for operation
Explanation:
Why B is Correct?
A dedicated 'Run As' service account follows the principle of least privilege, ensuring Tableau Server has only the permissions it needs to function (e.g., file system access, network ports) without excessive rights.
This enhances security by reducing the attack surface—compromising the service account won’t grant broader system access.
Tableau’s Installation Guide for Windows explicitly recommends this practice.
Why Other Options Are Incorrect?
A. Unlimited administrative access: Dangerous—violates security best practices and risks system integrity.
C. Granting all users admin access: A major security flaw; service accounts are for system processes, not end users.
D. Automatic updates: Unrelated—updates are managed via Tableau Services Manager (TSM), not the service account.
Key Benefits of a Dedicated Service Account:
Security: Limits damage from potential breaches.
Stability: Prevents conflicts with other services/user accounts.
Auditability: Isolates Tableau Server actions in logs.
Reference:
Microsoft’s Service Account Best Practices.
Final Note:
B is the only secure and compliant approach. Options A/C/D introduce unnecessary risks or misunderstandings of service accounts. Always configure with least privilege.