Self-Service BI and Compliance

Question

We would like to empower our power users by giving them a self-service BI option. The issue now seems to be of compliance.

Just to be clear - I'm not a full fledged PowerBI developer or Administrator. From what I know, there is a MyWorkspace and Several Workspaces for the various environment such as Dev/QA/Stage/Production and eventually PowerBI Apps which the Business Users get to use; the artifacts gets published from Dev to Stage to Prod.

Compliance (Audit Team) is concerned that the Power-Users might make unwarranted change in the DataSets, Reports and Dashboards in the Production WorkSpace (Pointing to the Production Database) and publish these to the Apps which will eventually get consumed.

Can others share how they have addressed it in their respective environments?

Answer 1

For a workspace, you can set users to be one of four types, Admin, Member, Contributor and Viewer. For full details of what each role can do, see here.

What you need to to is set users as read only, they will not be able to edit or change any of the items in the workspace. I would also recommend in the Power BI Admin portal setting a defined group that allows people to download, export to pdf and those sort of options to stop users modifying locally on their Power BI Desktop. In the workspace overview, that list the items in the workspace, go to the 'Access' option, you will then get a list of the users and their current defined roles and the ability to set them to one of the four roles.