We are using PPU license. We want to share everday refreshed dataset to end users who want to self service using the dataset created by IT. Below are the options we thought about and nothing is fitting. Please suggest
1. Viewer role to the workpsace where dataset is uploaded. This will not work as end user is not able to see dataset or create new report out of it.
2. contributor role will allow them to see dataset, download pbix etc but they can also delete the content ( Report/dashboard/dataset) from that workpsace which we don't want
3. Create APPS by IT admin and share that dataset
a) App will allow end users to download that dataset in thier My Workspace and work on Power BI service itself.
b) When end users share content created by them again to IT admin to publish to larger audience, IT admin can't download as it is shared from that end users workpsace.
c) End user who created new content can't download that PBIX and share it with IT admin so that content stays in service and can't be downloaded.
4. Creating classic workpsace where no one can edit but this is not PPU workpsace and PPU features can't be used as it is just Pro workspace
5. We thought about giving access to snowflake where our data resides. From Power BI service get data we can't make snowflake connection where our data resides. End users are MAC users and going to do light reporting so configuring PBI desktop for everyone is not cost effective solution
create a dataset inside one workspace, I call this "data workspace", create an AAD security group, add all the content creators to this group, grant this group the dataset permission "build".
Content creators do not have to be inside of the "data workspace". Users of the "data workspace" (except users that have the Viewer role assigned) have to be considered an Analysis Services Tabular instance admin, meaning Row Level Security will not apply.
I think separating the data from the content by using two (at least) workspaces is the way to go to tackle your challenge.
Did I answer your question? Mark my post as a solution, this will help others!
Proud to be a Super User! I accept Kudos 😉 Hamburg, Germany
I have created dataset in seperate workspace called "Data Workpsace". From left navigation panel "dataset " shared that dataset with one user with build permission without making them viewer or contributor workspace. That user is able to see the dataset under " Shared with me" and create new content but again that content is not downloaded also that user tried to share content with me(Admin) not able to download it same like APPS.
How normal user and AAD sercurity group will make the difference in this test