What statement correctly describes locking permissions to a project?

In Tableau Server, projects organize content (workbooks, data sources) and use permissions to control access. "Locking permissions" restricts how permissions are managed within a project—let’s explore this exhaustively:

Permission Management Modes:

Managed by Owner: Default mode. Content owners (e.g., workbook publishers) can set permissions on their items, inheriting project defaults as a starting point.

Locked to the Project: Project-level permissions are enforced, and content owners cannot modify them. This ensures consistency across all items in the project.

How to Lock:

In the Tableau Server web UI:

Go to Content > Projects.

Select a project, click Actions > Permissions.

In the Permissions dialog, change Permissions Management from "Customizable" (Managed by Owner) to "Locked."

Set the desired permissions (e.g., Viewer, Editor) for users/groups, which then apply uniformly to all content.

Via REST API: Use the updateProject endpoint with "permissionsLocked": true.

Option B (You can lock permissions to a project by changing Customizable to Locked): Correct.

Details: This is the precise action in the UI—switching from "Customizable" to "Locked" locks permissions at the project level.

Impact: Owners lose the ability to override permissions on individual workbooks/data sources, enforcing governance.

Example: Set "All Users" to Viewer (Locked)—all content in the project is view-only, regardless of owner intent.

Option A (Locking permissions must be enabled on the Server Settings page): Incorrect.

Why: Locking is a per-project setting, not a server-wide toggle. The Server Settings page (via TSM) controls global configs (e.g., authentication), not project permissions.

Option C (Content permissions are locked by default): Incorrect.

Default: New projects are "Managed by Owner" (Customizable), allowing flexibility unless explicitly locked by an admin.

Option D (By setting the appropriate Project permission role): Incorrect.

Confusion: "Project permission role" isn’t a term—permissions are set via rules (e.g., Viewer, Editor), but locking is a separate action (Customizable → Locked).

Why This Matters: Locking permissions ensures uniform access control, critical for regulated environments or large teams where consistency trumps flexibility.