Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!
I'm leaning towards a AD role that matches the name of the workspace along with the role on the workspace. Something like PBI-{Workspace}.{Role}. Since I am working as a consultant and build out workspaces for companies my {Workspace} is a combination of Company_Department. So groups would be named PBI-Tesla_IT.Viewer, PBI-Tesla_IT.Contributor, PBI-Tesla_IT.Member, PBI-Tesla_IT.Admin.... Does that make sense? I'd prefer to find a MS doc that laid out a best practice. But if I have to roll my own, do you see any issue with what I have?
Thanks,
Phil
Solved! Go to Solution.
Hi @PAPutzback2,
we are using quite similar names as you suggested for our AAD-groups.
For workspaces we have the following set up:
Department - [Team - ] Name
And Department and Team are mostly abbreviations, so that the rest of the name is still visible in the menu items 🙂
So for example:
SCDM - DWH or
SCDM - MT - DWH.
For the AAD-groups we then use:
PowerBI-[Workspace name]-[Role]
Where Role can be either Admins, Members or Viewers.
Currently we don't use the Contributor role. And the viewers will (mostly) get access via the Published App, because we have Premium.
And to add to this, we also use a naming convention for the Gateway setup, because otherwise you can't find anything in that dreaded interface..
For the name of the gateway entry we use:
Type - Server - Database
SQL - Server01 - DB01
SSAS - Server02 - DB01
FILE - \\share\folder\file.xlsx
Hope this helps!
Did this help you or did I answer your question?
Then please give kudos or mark my post as a solution!
My blog: nickyvv.com
Twitter: @NickyvV
HI @PAPutzback2
Do you mean you'd like to set different permission for the different AD group?
In your scenario, you can create security group on O365 admin center referring this article: https://docs.microsoft.com/en-us/office365/admin/email/create-edit-or-delete-a-security-group?redire...
Then add all users into the corresponding security group. and add the group to the workspace with role specified.
I am looking for a naming convention standard. I would think that some people have an automated process for creating these groups and would require the request to have the fields filled out based on a standard that something like Powershell could be used to create the groups if the request was authorized,
Hi @PAPutzback2,
we are using quite similar names as you suggested for our AAD-groups.
For workspaces we have the following set up:
Department - [Team - ] Name
And Department and Team are mostly abbreviations, so that the rest of the name is still visible in the menu items 🙂
So for example:
SCDM - DWH or
SCDM - MT - DWH.
For the AAD-groups we then use:
PowerBI-[Workspace name]-[Role]
Where Role can be either Admins, Members or Viewers.
Currently we don't use the Contributor role. And the viewers will (mostly) get access via the Published App, because we have Premium.
And to add to this, we also use a naming convention for the Gateway setup, because otherwise you can't find anything in that dreaded interface..
For the name of the gateway entry we use:
Type - Server - Database
SQL - Server01 - DB01
SSAS - Server02 - DB01
FILE - \\share\folder\file.xlsx
Hope this helps!
Did this help you or did I answer your question?
Then please give kudos or mark my post as a solution!
My blog: nickyvv.com
Twitter: @NickyvV
Since I am working for a consulting company I created the AD Role as PBI-{Client}-{Application|Workspace}-{Role}. Workspaces were named prior to me coming about but they are {Client}_{Department|Application}. So I will make my standard to read that - dashes will always be used for separation and _ Underscores will replace spaces.
I have named my gateways the same way. I haven't used files yet. In the past I ran three separate gateways DEV, TEST and PROD.
Thanks for your input.
Phil