Description:

Power BI currently lacks the ability to manage publishing permissions at the individual app level. The existing tenant setting, “Publish apps to the entire organization,” operates only at the user or Azure AD group level. Once access is granted, users can publish any app they have access to—without restriction.

This presents a critical governance gap for organizations with large-scale Enterprise and Self-Service BI environments. Sensitive apps containing confidential data can be inadvertently published to the entire organization, increasing the risk of data exposure and compliance violations.

Why This Feature Is Needed

• Lack of Granularity: Current controls do not allow administrators to restrict publishing rights to specific apps.
• Risk of Oversharing: Users with publishing rights can unintentionally expose sensitive content.
• Governance Challenges: The inability to enforce app-level controls undermines enterprise data governance frameworks.

Requested Enhancement

Introduce App-Level Publishing Controls that allow Power BI administrators to:

• Grant publishing rights on a per-app basis.
• Prevent unauthorized publishing of high-risk or sensitive apps.
• Align publishing permissions with app ownership and stewardship responsibilities.

Why Workarounds Aren’t Enough

While current workarounds—such as workspace-level governance, app audiences, and activity log monitoring—offer partial mitigation, they do not address the core issue: who can publish what.

This feature is essential for organizations operating at enterprise scale and would significantly enhance Power BI’s alignment with modern governance and compliance standards.

Thank you for considering this request. We welcome the opportunity to provide further use case details if needed.