Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
PAPutzback2
Helper II
Helper II

Has anyone come across a naming convention for the AD groups assign to PBI Roles

I'm leaning towards a AD role that matches the name of the workspace along with the role on the workspace. Something like PBI-{Workspace}.{Role}. Since I am working as a consultant and build out workspaces for companies my  {Workspace} is a combination of Company_Department. So groups would be named PBI-Tesla_IT.Viewer, PBI-Tesla_IT.Contributor, PBI-Tesla_IT.Member, PBI-Tesla_IT.Admin.... Does that make sense? I'd prefer to find a MS doc that laid out a best practice. But if I have to roll my own, do you see any issue with what I have?

 

Thanks,

Phil

1 ACCEPTED SOLUTION

Hi @PAPutzback2,

we are using quite similar names as you suggested for our AAD-groups.

For workspaces we have the following set up:

Department - [Team - ] Name

And Department and Team are mostly abbreviations, so that the rest of the name is still visible in the menu items 🙂

So for example:

SCDM - DWH or

SCDM - MT - DWH.

 

For the AAD-groups we then use:
PowerBI-[Workspace name]-[Role]

Where Role can be either Admins, Members or Viewers.

Currently we don't use the Contributor role. And the viewers will (mostly) get access via the Published App, because we have Premium.

 

And to add to this, we also use a naming convention for the Gateway setup, because otherwise you can't find anything in that dreaded interface..

For the name of the gateway entry we use:

Type - Server - Database

SQL - Server01 - DB01

SSAS - Server02 - DB01

FILE - \\share\folder\file.xlsx

 

Hope this helps!

 

Did this help you or did I answer your question?
Then please give kudos or mark my post as a solution!
My blog: nickyvv.com
Twitter: @NickyvV



Did I answer your question? Mark my post as a solution!

Blog: nickyvv.com | @NickyvV


View solution in original post

4 REPLIES 4
v-diye-msft
Community Support
Community Support

HI @PAPutzback2 

 

Do you mean you'd like to set different permission for the different AD group?

In your scenario, you can create security group on O365 admin center referring this article: https://docs.microsoft.com/en-us/office365/admin/email/create-edit-or-delete-a-security-group?redire... 

Then add all users into the corresponding security group. and add the group to the workspace with role specified. 

 

Community Support Team _ Dina Ye
If this post helps, then please consider Accept it as the solution to help the other members find it more
quickly.

I am looking for a naming convention standard. I would think that some people have an automated process for creating these groups and would require the request to have the fields filled out based on a standard that something like Powershell could be used to create the groups if the request was authorized,

Hi @PAPutzback2,

we are using quite similar names as you suggested for our AAD-groups.

For workspaces we have the following set up:

Department - [Team - ] Name

And Department and Team are mostly abbreviations, so that the rest of the name is still visible in the menu items 🙂

So for example:

SCDM - DWH or

SCDM - MT - DWH.

 

For the AAD-groups we then use:
PowerBI-[Workspace name]-[Role]

Where Role can be either Admins, Members or Viewers.

Currently we don't use the Contributor role. And the viewers will (mostly) get access via the Published App, because we have Premium.

 

And to add to this, we also use a naming convention for the Gateway setup, because otherwise you can't find anything in that dreaded interface..

For the name of the gateway entry we use:

Type - Server - Database

SQL - Server01 - DB01

SSAS - Server02 - DB01

FILE - \\share\folder\file.xlsx

 

Hope this helps!

 

Did this help you or did I answer your question?
Then please give kudos or mark my post as a solution!
My blog: nickyvv.com
Twitter: @NickyvV



Did I answer your question? Mark my post as a solution!

Blog: nickyvv.com | @NickyvV


Since I am working for a consulting company I created the AD Role as PBI-{Client}-{Application|Workspace}-{Role}. Workspaces were named prior to me coming about but they are {Client}_{Department|Application}. So I will make my standard to read that - dashes will always be used for separation and _ Underscores will replace spaces.

 

I have named my gateways the same way. I haven't used files yet. In the past I ran three separate gateways DEV, TEST and PROD.

 

Thanks for your input. 

Phil

 

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.

Top Solution Authors
Top Kudoed Authors