Skip to main content

Delete Datasource

Deletes a published data source from the current Tableau site as the destructive step of the Stale Content Cleanup workflow.

This tool is admin-only and is registered only when the ADMIN_TOOLS_ENABLED environment variable is enabled. Non-administrator callers are rejected before any action is taken.

The tool is two-phase to keep the destructive action safe:

  1. Preview (default — confirm omitted or false): tags the data source with pending-deletion (reversible, visible in the Tableau UI; label configurable via the tag argument), reports the data source name, project, and owner, warns which workbooks and flows depend on it and may break, and does not delete anything.
  2. Delete (confirm: true): permanently removes the data source. Before deleting, the server re-fetches the data source and verifies it carries the pending-deletion tag applied in the preview step. A confirmed delete against an untagged data source is rejected (see the server-authoritative gate note). On Tableau Cloud the data source is moved to the recycle bin and can be restored for a limited time before permanent removal; on Tableau Server there is no recycle bin and deletion is permanent.
Human confirmation required — advisory, not enforced

Between the preview and the delete, the calling agent is instructed (via the tool description and the preview response) to surface the data source identity and its dependent content to the user and obtain explicit approval before deleting. This human-approval step is a prompt-level expectation, not a server guarantee: the tag gate proves a preview ran, but the server cannot observe whether a human actually approved. An agent that calls preview and then confirm itself satisfies the gate with no human in the loop. Enforcing true human-in-the-loop (out-of-band approval the agent cannot forge) is tracked as follow-up work.

MCP-Apps confirm panel (cooperative human-in-the-loop)

When the mcp-apps feature flag is enabled, this tool ships with an MCP App and the preview phase renders an in-iframe confirm panel (data source name, project, owner, and a live countdown) instead of returning preview text the model could act on. The destructive delete is then performed only when a person clicks Delete data source in that panel, which invokes the model-invisible confirm-delete-datasource tool (visibility: ['app']). With the flag on, the model-driven confirm: true path is closed — the assistant cannot delete on the user's behalf; the only route to deletion is the human gesture. The confirm tool re-verifies both the live pending-deletion tag and a fresh, single-use human approval recorded during the preview (within MUTATION_PREVIEW_TTL_MINUTES, default 5); either missing rejects the delete. When the flag is off the tool behaves exactly as the two-phase confirm/tag flow described above.

Cooperative, not server-enforced

This is cooperative human-in-the-loop: it depends on the MCP client honoring visibility: ['app'] (hiding the confirm-* tool from the model) and rendering the confirm panel. The human approval is recorded during the model-driven preview phase, so a non-cooperating client that ignores the visibility hint could still drive preview → confirm-* back-to-back with no human gesture. For this data source tool the live pending-deletion tag re-check still proves a preview ran, but neither gate proves a human approved. Server-enforced HITL (an approval primitive the model cannot forge or reach) is tracked as follow-up work (W-23125362).

Server-authoritative gate

The confirm phase does not trust any caller-supplied value. It re-fetches the data source from Tableau and only deletes if the data source is currently tagged pending-deletion (or the custom tag value). The tag is server-side state that the caller can only set by running the preview phase, so the gate genuinely proves a preview happened — it cannot be bypassed by computing or guessing a token, which the prior confirmationToken (a caller-derivable sha256) could be. The live re-fetch deliberately ignores any cached copy so the check reflects the data source's current state at delete time.

What this gate does and does not guarantee. It proves a preview ran (closing the caller-computable-token bypass). It does not prove a human approved — an agent that runs both the preview and the confirm satisfies it on its own. Server-enforced human-in-the-loop requires an out-of-band approval primitive (e.g. MCP URL-mode elicitation) and is tracked as follow-up work.

Authoritative audit

Every mutation attempt — both the preview and the confirmed delete, and both allowed and denied attempts (for example a non-admin caller, or a confirm without a prior preview) — emits a structured authoritative audit record to the server's durable log sink (logger audit, level notice), not just to the tool-response text. Each record captures the actor identity (username, user/site LUID, site name), the tool, action, phase, the target (id, name, project, owner), the confirmation evidence kind (tag here), and the result. The raw tag is described, never anything secret. This routing is centralized in the shared mutation guard so every TMCP mutation tool audits identically.

Dependent content is not deleted

Deleting a published data source does not delete the workbooks or flows that use it. Those items remain but lose this data source (their views/extracts may break). The preview phase surfaces these dependents so you can decide before deleting. The dependency check uses the Metadata API; if the Metadata API is disabled or unavailable, the preview notes that and still allows deletion.

Tool scoping

This tool honors the same tool-scoping rules as the read tools (for example Get Datasource Metadata). If the server is configured with a bounded context (such as INCLUDE_DATASOURCE_IDS or INCLUDE_PROJECT_IDS), a data source that falls outside that scope cannot be previewed or deleted — the request is rejected before any tag or delete, so there are no side effects. Being an administrator does not bypass tool scoping.

APIs called

Required arguments

datasourceId

The LUID of the published data source to delete, potentially retrieved by the List Datasources tool.

Example: 222ea993-9391-4910-a167-56b3d19b4e3b

Optional arguments

confirm

When omitted or false, runs the non-destructive preview (tags, warns about dependents, and reports). When true, permanently deletes the data source — but only if the data source already carries the pending-deletion tag from a prior preview (verified by a live re-fetch; see server-authoritative gate). Pass the same tag value used in the preview if you overrode the default.

Example: true

tag

The label applied to the data source during the preview phase to mark it as pending deletion. Reversible and visible in the Tableau UI. Defaults to pending-deletion; callers (for example a stale-content cleanup workflow) can override it with their own vocabulary.

Example: stale-pending-deletion

Side effects

  • Preview adds the pending-deletion tag (pending-deletion by default, or the tag value) to the data source. This is reversible and visible in the Tableau UI. No content is deleted.
  • Delete removes the data source. On Tableau Cloud it is moved to the recycle bin and can be restored for a limited time before it is permanently purged; on Tableau Server there is no recycle bin and deletion is permanent. Dependent workbooks and flows are not deleted but lose this data source. Always run the preview first, review the dependency warning, and confirm the data source identity before deleting.