Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
Anonymous
Not applicable

Governance of workGroups ,content packs, and security

The question is how to encourage innovation without fostering chaos and support calls with hundreds of uncurated reports being shared from a large number of departmental or personal folders or, in the case of Power BI, workgroups ?   Our experience with over 1000 active Spotfire uses has taught us that some level of governance and oversight is important to long term sustainability.    

 

Does anyone know if there is a way in Power BI or Office 365 to limit the creation of work groups and content packs to designated individuals?

 

We would like to identify BI champions in the business who would be responsible for ensuring that security was appropriately assigned and that report certification/ownership/support was in place for Workgroups and content packs.   We believe that if we can manage the creation of workgroups and content packs we could potentially align our work group and content pack security with defined data families so that access to the work groups, content packs, and underlying datamarts (for direct query) would be driven by the same set of AD security groups.    The problem appears to be that anyone can create a workgroup or content pack and invite whomever they want to access it.

 

I've looked at the Power BI admin tenant settings, did not see options to limit creation of Workspaces and content packs in general to a specific group.  Is there perhaps an option in Office 365 that would accomplish this?

 

We would also like to limit, or at least monitor,  the use of personal gateways if possible.

 

Thanks, Mike

 

 

 

 

 

 

1 ACCEPTED SOLUTION

@Anonymous Your O365 admin can control this, but it would effect the entire environment. Kasper wrote up a blog here that details what you would need to do.


Looking for more Power BI tips, tricks & tools? Check out PowerBI.tips the site I co-own with Mike Carlo. Also, if you are near SE WI? Join our PUG Milwaukee Brew City PUG

View solution in original post

5 REPLIES 5

@Anonymous Your O365 admin can control this, but it would effect the entire environment. Kasper wrote up a blog here that details what you would need to do.


Looking for more Power BI tips, tricks & tools? Check out PowerBI.tips the site I co-own with Mike Carlo. Also, if you are near SE WI? Join our PUG Milwaukee Brew City PUG
Anonymous
Not applicable

Good morning Seth,

 

Thanks for the information, it was really difficult to reach this answer. 

 

I wonder what are tenant settings: 

a) Create template organizational content packs and apps

b) Push apps to the end users

 

I expected a) to be the place to control which security group (members) could create an app workspace, but apparently it is not. Is it still the only way to go through PowerShell? If so, I guess a Power BI Service Administrator is not capable to configure this, right?

 

Kind regards,

I think i know the answer for b): Normally, users can choose apps and click "install" in order to get access to an app. When allowing push, the app publisher can force the installation of an app by choosing the according option during publish. That way, users don't need to install apps themselves.

 

I hope that helps. 

Still wondering about a), though!

Anonymous
Not applicable

Thanks!  That looks very promising.  I think by extension this would also limit the ability to create content packs since they can only be created by admins of work groups.   

 

When you say "affect the entire environment" are you saying that the ability to create general O365 groups would also be limited to the specified individuals?  That probably would not be a problem but we would need to be aware of the limitation.

 

Any thoughts on the last part of my post on limiting or monitoring the utilization of personal gateways? 

 

Thanks, Mike

@Anonymous Environment - Yes all O365 groups, I believe that is outlined in the blog.

For the personal gateway/auditing question and seeing what is going on in your environment you can take a look at the Power BI Audit Logs. Offhand, I can't say if the personal gateway is a registered event. Chuck Sterling wrote up a quick how-to for making a report out of the logs to make them a bit easier to look through.


Looking for more Power BI tips, tricks & tools? Check out PowerBI.tips the site I co-own with Mike Carlo. Also, if you are near SE WI? Join our PUG Milwaukee Brew City PUG

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.

Top Solution Authors