Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
Clara_HCN
Frequent Visitor

How to limit a Power BI report built from Azure SQL database to be published to personal workspace

‎07-03-2025 07:23 PM

I am working on the Power BI reports management, and my organization would like to take control of publishing Power BI reports. If any Power BI report connect to Azure SQL database, the report should be published into public workspace rather than personal workspace. Is it possible to manage it?

Labels:
Message 1 of 12
410 Views
0
1 ACCEPTED SOLUTION
v-tejrama
Community Support
Community Support
In response to Clara_HCN

‎07-07-2025 11:23 PM

Hi @Clara_HCN ,

 

Thanks for explaining your situation more clearly. Given that you have multiple Azure SQL environments Development, Test, Acceptance, and Production and wish to ensure that reports using Production Azure SQL are only published to shared workspaces, while also managing publishing permissions, you can achieve this with a mix of governance and security measures.

I recommend creating dedicated Power BI workspaces for each environment and restricting publishing rights in the Production workspace to selected users. This prevents unauthorized publishing of Production SQL reports to public workspaces. Implementing a naming convention for connections such as including Prod or Test in the server name will help with tracking.

Additionally, Microsoft Purview’s DLP policies can detect and alert you to any attempts to publish Production SQL reports to the wrong workspace. Enabling Power BI audit logs will provide oversight on who is publishing and to which environment. Disabling personal workspace publishing via the Admin Portal ensures all reports are managed through approved workspaces.

Assign appropriate roles through security groups, such as contributor for developers and admin for reviewers, and consider a manual review process for reports built on Production SQL before final publishing. While Power BI does not offer a direct setting to block publishing by data source, these steps provide effective control and visibility. Please let me know if you need assistance with DLP or security role configuration.

Thank you,
Tejaswi.

View solution in original post

Message 11 of 12
157 Views
11 REPLIES 11
rohit1991
Super User
Super User

‎07-04-2025 12:21 AM

Hi @Clara_HCN ,

 

Unfortunately, Power BI doesn’t currently have a built-in way to automatically prevent reports built from Azure SQL (or any specific data source) from being published to personal workspaces. It’s an “all or nothing” switch: either personal workspace publishing is allowed for everyone, or you disable it for everyone via the Power BI Admin Portal. There’s no granular setting based on data source. Here’s what works: 

 

  1. Disable Personal Workspace Publishing: In the Power BI Admin Portal, you can block all publishing to personal workspaces. This means no one can publish reports to their own workspace, regardless of source. Yes, it’s a bit blunt, but it’s the only guaranteed way right now.

  2. Set Up Shared Workspaces for Each Environment: Use separate workspaces for Dev, Test, Acceptance, and Production. Give publishing rights to only the people who need them, especially in Production.

  3. Use Security Groups: If you want some exceptions (for example, allowing dev teams to still publish personally), use security groups and allow-list certain users. For most people, keep it locked down.

  4. Implement DLP and Audit Logs: Set up Data Loss Prevention policies and Power BI audit logs to alert you if sensitive data is published to the wrong place, or to monitor who is publishing what, and where.

  5. Restrict Azure SQL Connections: For extra control, restrict Azure SQL database access so only approved Power BI workspaces can connect (using IP/VNet whitelisting).

  6. Manual Approval (if really needed): If you need a review process before publishing to Production, consider having a manual check or even a separate workspace where reports are reviewed before being moved to Production.


There isn’t a way to block personal workspace publishing based on data source right now, but a combination of admin portal settings, workspace structure, and DLP/audit policies is the current best practice for enterprise Power BI governance.


Did it work? ✔ Give a Kudo • Mark as Solution – help others too!
Message 12 of 12
307 Views
0
v-tejrama
Community Support
Community Support

‎07-04-2025 12:01 AM

Hi @Clara_HCN ,

Thanks for reaching out to the Microsoft fabric community forum.

 

I understand your goal, and while Power BI doesn't currently offer automatic controls to direct report publishing based on data source such as ensuring anything using Azure SQL lands in a shared workspace rather than a personal one we can still establish strong safeguards.

Here are effective steps you can take:

  1. Disable publishing to personal workspaces in the Power BI Admin Portal. This guarantees reports are only published to approved, shared workspaces.
  2. Implement DLP (Data Loss Prevention) policies to detect and alert you when reports use Azure SQL, helping prevent sensitive data from being published in the wrong place.
  3. Leverage audit logs to track Azure SQL connections and report destinations, with the option to set up alerts for unusual activity.
  4. Restrict Azure SQL access by IP or VNet, ensuring only authorized Power BI workspaces can connect.

While there isn't a single setting for conditional publishing, these strategies will give you robust control and visibility over how and where reports leveraging Azure SQL are published.

 

If the response has addressed your query, please "Accept it as a solution" and give a "Kudos" so other members can easily find it.


Best Regards,
Tejaswi.
Community Support

 

Message 6 of 12
317 Views
0
Clara_HCN
Frequent Visitor
In response to v-tejrama

‎07-04-2025 12:19 AM

Hi @v-tejrama ,thanks for your answer. But if we take the steps recommended by you, will it reject all reports to be published in personal workspace?

Message 7 of 12
307 Views
0
v-tejrama
Community Support
Community Support
In response to Clara_HCN

‎07-04-2025 03:38 AM

Hi @Clara_HCN ,

Thanks for coming back,

 

Yes, if you go ahead and disable publishing to personal workspaces in the Power BI Admin Portal, it will block all reports from being published there, no matter what data source they’re using.

So it's kind of an all-or-nothing switch. Power BI doesn't let you block just Azure SQL reports, once you turn that setting off, no one will be able to publish anything to their personal workspace unless they’ve been specifically allowed.

That said, you can make it a bit more flexible by using security groups. For example, you could allow certain users (like developers or trusted teams) to keep publishing to personal workspaces, while restricting everyone else.

 

Thank you.

Message 8 of 12
256 Views
0
v-tejrama
Community Support
Community Support
In response to v-tejrama

‎07-07-2025 01:57 AM

Hi @Clara_HCN ,

 

I wanted to check if you had the opportunity to review the information provided. Please feel free to contact us if you have any further questions.

 

Thank you.

Message 9 of 12
203 Views
0
Clara_HCN
Frequent Visitor
In response to v-tejrama

‎07-07-2025 05:51 PM

Thanks @v-tejrama . In my case,

1. We have different environments for Azure SQL(Development-Test-Acceptance-Production).

2. We want report builders to publish reports to public workspaces if they build reports from production Azure SQL.

3. But we don't want report builders to create and publish reports to public workspace without control.  

Do you have any good idea on how to achieve it? Thanks.

Message 10 of 12
183 Views
0
v-tejrama
Community Support
Community Support
In response to Clara_HCN

‎07-07-2025 11:23 PM

Hi @Clara_HCN ,

 

Thanks for explaining your situation more clearly. Given that you have multiple Azure SQL environments Development, Test, Acceptance, and Production and wish to ensure that reports using Production Azure SQL are only published to shared workspaces, while also managing publishing permissions, you can achieve this with a mix of governance and security measures.

I recommend creating dedicated Power BI workspaces for each environment and restricting publishing rights in the Production workspace to selected users. This prevents unauthorized publishing of Production SQL reports to public workspaces. Implementing a naming convention for connections such as including Prod or Test in the server name will help with tracking.

Additionally, Microsoft Purview’s DLP policies can detect and alert you to any attempts to publish Production SQL reports to the wrong workspace. Enabling Power BI audit logs will provide oversight on who is publishing and to which environment. Disabling personal workspace publishing via the Admin Portal ensures all reports are managed through approved workspaces.

Assign appropriate roles through security groups, such as contributor for developers and admin for reviewers, and consider a manual review process for reports built on Production SQL before final publishing. While Power BI does not offer a direct setting to block publishing by data source, these steps provide effective control and visibility. Please let me know if you need assistance with DLP or security role configuration.

Thank you,
Tejaswi.

Message 11 of 12
158 Views
Akash_Varuna
Super User
Super User

‎07-03-2025 09:42 PM

Hi @Clara_HCN Power BI doesn’t support blocking publishing to personal workspaces based on data source. You can disable personal workspace publishing via admin portal settings. Use DLP policies and audit logs to monitor Azure SQL usage. Also, restrict Azure SQL access to specific IPs or VNets for better control.

Message 2 of 12
366 Views
0
Clara_HCN
Frequent Visitor
In response to Akash_Varuna

‎07-03-2025 11:01 PM

Hi @Akash_Varuna , thanks for your reply. If we can disable the publishing to personal workspace, is it possible to add approal process when the users press the button of Publish in Power BI Desktop? Thanks.

Message 3 of 12
349 Views
0
Akash_Varuna
Super User
Super User
In response to Clara_HCN

‎07-03-2025 11:10 PM

Hi @Clara_HCN I dont think it is supported when users click “Publish” from Power BI Desktop. You can disable publishing to personal workspaces via the admin portal. For governance, use deployment pipelines and restrict workspace access. Audit logs and DLP policies help monitor and enforce compliance.

Message 4 of 12
339 Views
0
Clara_HCN
Frequent Visitor
In response to Akash_Varuna

‎07-04-2025 12:21 AM

Hi @Akash_Varuna thanks. If we disable publishing to personal workspaces, does it means the users are not allowed to publish any reports in their own personal workspaces? thanks.

Message 5 of 12
307 Views
0

Helpful resources

Announcements
July 2025 community update carousel

Fabric Community Update - July 2025

Find out what's new and trending in the Fabric community.

July PBI25 Carousel

Power BI Monthly Update - July 2025

Check out the July 2025 Power BI update to learn about new features.

View All