When publishing a Data Source to Tableau Server, you can choose to impersonate another user. Impersonation helps to apply the security context that is specific to the user being impersonated; in case of Tableau, it will be the user logging into Tableau; thus allowing the tableau user to only see the data that he/she is allowed to see.
A Tableau Data Connection to a SQL Server relational database can be made by using either Windows Authentication or SQL Server Authentication. After creating the Data Connection, the Data Source can be published to Tableau Server. While publishing, the Data Source can be configured to use a specific Authentication. Here is a list ofchoices.
The choices made while creating the Data Connection and publishing the Data Source determine how logging into and reading data from a SQL Server database behaves when a workbook deployed to Tableau Server is opened.
The choice made during creating the Data Connection determines which SQL Server login is used to make connection and log into the database engine. Whereas, the Authentication choice made during publishing the Data Source to Tableau Server determines the security context under which the query is run.