This control plane turns raw Tableau access and audit drift into one review surface: permission sprawl, broken group sync, stale certification proof, external sharing risk, telemetry gaps, and the remediation packets needed before sensitive content or executive reporting paths slip out of policy.
| Lane | Owner | Focus | Status | Findings | Next action |
|---|---|---|---|---|---|
| Permission governance lane Critical Tableau projects still depend on manual overrides that widen access beyond reviewed groups. | BI Platform | Least-privilege project permissions and workbook overrides | red | 2 | Collapse manual grants back into reviewed group policy before the next audit cycle. |
| Group sync lane Group sync lag is leaving stale accounts active on sensitive Tableau content. | Identity Operations | Directory-backed groups, site roles, and entitlement freshness | red | 1 | Restore group freshness and remove inactive access from executive-reader paths. |
| Certification confidence lane Certification posture is recoverable, but owner proof and review continuity are stale on finance content. | Reporting Operations | Certified sources, owner evidence, and review freshness | yellow | 2 | Revalidate certified assets against current owners and approved review packets. |
| Sharing and audit lane External links and telemetry proof are still partially manual. | Platform Operations | External shares, activity exports, and audit continuity | yellow | 5 | Close expired sharing paths and restore audit export continuity. |