Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us at FabCon Vienna from September 15-18, 2025, for the ultimate Fabric, Power BI, SQL, and AI community-led learning event. Save €200 with code FABCOMM. Get registered

info248

Manage report access approval by AD group

Submitted by on ‎11-10-2023 12:41 AM

When users request report access, we receive these nice messages in Teams (and by email) to grant access to a great report.

It is always very tempting to click on "grant access", but this only gives 1 user direct access to 1 report.


This bypasses all the best practices that are out there to “manage security by groups, give access to groups” etc…

Most people will manage audiences of a report by AD group, provide RLS role membership by AD group, all to avoid managing individual accesses.


But then PowerBI asks “do you want to give this person direct access to this report”, which defeats the purpose of having these best practices in place.


My idea for managing this security is when a users requests access to a report or App, a dialog comes up and asks “in which AD group do you want to add this person?”.

PowerBI knows which groups have access to a report or which groups are in audiences of an app. It would then manage the AD group access, and not fiddle with adding individuals to the report permissions.

If there are no groups with access to the report, it can revert to direct access.

Status: New
See more ideas labeled with:
2 Comments (2 New)
Comments
Rick_Hoffman
New Member
‎02-07-2025 02:00 PM

I completely agree that AD groups should control access. In our enterprise, we govern all data access with AD security groups. Individual user grants defeats the best practices and make attestation of who has access to what data very difficult.

fbcideas_migusr
New Member
‎02-25-2025 12:33 AM
Status changed to: New