tableau-mcp-gap-set-project-default-permissions
Tableau MCP capability gap — set_project_default_permissions missing
Server: tableau-mcp v6.0.5
Gap: MCP exposes set_project_permissions (project nav perms) but NOT set_project_default_permissions (workbook/datasource/flow default rules applied to NEW content created in the project).
Why it matters: In ManagedByOwner projects (Tableau’s default), project default permissions are applied at content-creation time. Without this MCP tool, future-proofing perm grants for new workbooks in shared projects is impossible — admin must remember per-workbook grants forever.
Workaround in production: Per-workbook add_workbook_permissions after every new publish.
Cross-agent useful: Any agent (NOVA, OpenClaw CXO, dev-architect) doing Tableau governance work hits this same gap. Pre-knowing it saves the discovery cycle.
Production-safe pattern for ManagedByOwner project grants (Path Z):
- Get project (
get_project_by_id) → verifycontent_permissions(Locked vs ManagedByOwner) - If ManagedByOwner → DO NOT lock (overrides other owners’ perms with side effects)
- Set project Read on the project itself (
set_project_permissionswith{"Read": "Allow"}) for navigation - Per-workbook
add_workbook_permissionsfor each existing workbook - Flag manual-grant requirement for future workbooks
Capability set for standard View grant: Read, ViewComments, AddComment, ExportImage, ExportData, ViewUnderlyingData, Filter, ShareView — all Allow.
Requested upstream fix: Add set_project_default_permissions(project_id, content_type, user_id|group_id, capabilities) mapping to TSC ProjectItem.default_workbook_permissions / default_datasource_permissions / etc. endpoints.
Local source: /root/aj-ea/outputs/documents/mcp-gap-tableau-project-default-permissions-11-may-2026.md