Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Try your skills in the Power BI Dataviz World Championship! Round one ends June 26. Join now

Reply
Harsh_Insights
Frequent Visitor

How to manage dataset access for sales and marketing teams in Power BI while maintaining governance?

‎10-24-2025 02:49 AM

Hi everyone,

 

I’m working on a Power BI setup for a retail company.

  • The sales team needs access to the latest sales data only
  • The marketing team needs access to both sales data and customer feedback data

I want to ensure the right teams see only what they are supposed to, while maintaining proper data governance and security.
What is the best architectural approach to achieve this?

 

My question is:
Would it be better to


1. Create a single workspace and manage access using dataset permissions or app audience segmentation?
or

2. Create two separate workspaces , one for Sales and one for Marketing ,each with their respective datasets and reports?



Which approach is recommended in terms of governance, scalability, security and manageability?



Thanks in advance for your guidance

Labels:
Message 1 of 5
929 Views
0
1 ACCEPTED SOLUTION
v-pnaroju-msft
Community Support
Community Support

‎10-24-2025 11:23 AM

Thankyou, @vojtechsima and @AnalyticPulse for your response.

Hi Harsh_Insights,

We appreciate your enquiry through the Microsoft Fabric Community Forum.

Based on my understanding, to ensure secure, scalable and governed access for both the Sales and Marketing teams, implement a hybrid setup, maintain a single certified dataset as the source of truth and create separate workspaces or apps for each team to manage access and distribution.

Please follow the steps below, which may help resolve the issue:

  1. Create one governed dataset in a central workspace and promote or certify it so that both teams consume the same trusted data model.
  2. Grant Build permission only to users or groups who should create new reports. Restrict others to Viewer access to prevent unintended mashups.
  3. Publish team specific reports in their respective Sales and Marketing workspaces. Distribute these reports using Power BI Apps and manage visibility through App Audiences.
  4. Apply Microsoft Purview and sensitivity labels to maintain data governance and to control data export and sharing.
  5. Restrict Workspace Owner or Member roles to administrators, conduct periodic access reviews, and monitor usage through audit logs.

Use Row Level Security (RLS) only where row filtering is required (for example, date based or region based data restrictions). Separate datasets are necessary only if complete data isolation is required for strict compliance scenarios, otherwise, a single certified dataset simplifies management.

Additionally, please refer to the links below:
Build Permission for Shared Semantic Models - Power BI | Microsoft Learn
Semantic model permissions - Power BI | Microsoft Learn
Publish an app in Power BI - Power BI | Microsoft Learn
Apps in Power BI - Power BI | Microsoft Learn
Endorse your content - Power BI | Microsoft Learn
Endorse Fabric and Power BI items - Microsoft Fabric | Microsoft Learn
Sensitivity labels from Microsoft Purview Information Protection in Power BI - Microsoft Fabric | Mi...
How to apply sensitivity labels in Power BI - Microsoft Fabric | Microsoft Learn
Row-level security (RLS) with Power BI - Microsoft Fabric | Microsoft Learn

We hope the information provided helps to resolve the issue. If you have any further queries, please feel free to contact the Microsoft Fabric community.

Thank you.

View solution in original post

Message 4 of 5
857 Views
4 REPLIES 4
v-pnaroju-msft
Community Support
Community Support

‎10-24-2025 11:23 AM

Thankyou, @vojtechsima and @AnalyticPulse for your response.

Hi Harsh_Insights,

We appreciate your enquiry through the Microsoft Fabric Community Forum.

Based on my understanding, to ensure secure, scalable and governed access for both the Sales and Marketing teams, implement a hybrid setup, maintain a single certified dataset as the source of truth and create separate workspaces or apps for each team to manage access and distribution.

Please follow the steps below, which may help resolve the issue:

  1. Create one governed dataset in a central workspace and promote or certify it so that both teams consume the same trusted data model.
  2. Grant Build permission only to users or groups who should create new reports. Restrict others to Viewer access to prevent unintended mashups.
  3. Publish team specific reports in their respective Sales and Marketing workspaces. Distribute these reports using Power BI Apps and manage visibility through App Audiences.
  4. Apply Microsoft Purview and sensitivity labels to maintain data governance and to control data export and sharing.
  5. Restrict Workspace Owner or Member roles to administrators, conduct periodic access reviews, and monitor usage through audit logs.

Use Row Level Security (RLS) only where row filtering is required (for example, date based or region based data restrictions). Separate datasets are necessary only if complete data isolation is required for strict compliance scenarios, otherwise, a single certified dataset simplifies management.

Additionally, please refer to the links below:
Build Permission for Shared Semantic Models - Power BI | Microsoft Learn
Semantic model permissions - Power BI | Microsoft Learn
Publish an app in Power BI - Power BI | Microsoft Learn
Apps in Power BI - Power BI | Microsoft Learn
Endorse your content - Power BI | Microsoft Learn
Endorse Fabric and Power BI items - Microsoft Fabric | Microsoft Learn
Sensitivity labels from Microsoft Purview Information Protection in Power BI - Microsoft Fabric | Mi...
How to apply sensitivity labels in Power BI - Microsoft Fabric | Microsoft Learn
Row-level security (RLS) with Power BI - Microsoft Fabric | Microsoft Learn

We hope the information provided helps to resolve the issue. If you have any further queries, please feel free to contact the Microsoft Fabric community.

Thank you.

Message 4 of 5
858 Views
Harsh_Insights
Frequent Visitor
In response to v-pnaroju-msft

‎10-24-2025 09:23 PM

Thank you @v-pnaroju-msft for the detailed explantion . Really appreciate your effort and clarity

Message 5 of 5
832 Views
0
AnalyticPulse
Solution Sage
Solution Sage

‎10-24-2025 03:14 AM

hi @Harsh_Insights 
 you can use single workspace only if you have well tested row level security (rls) , if rls or permissions are misconfigured then there is risk that unintended user may see the different data which he is not meant to see. 
if your audience is large then use separate workspace so you can apply security, refresh, and access policies for each workspace. 

 

Below is my work:
Analytic Pulse Blog - Powerbi blog
Docynx Productivity Tools  - Free tools for public use

Message 3 of 5
894 Views
vojtechsima
Super User
Super User

‎10-24-2025 03:07 AM

Hey, @Harsh_Insights ,

I would set up two RLS groups: Sales and Marketing.

 

The Sales group would have access to data with a specific flag. In your fact table, you would define that rows within 7 days are flagged for Sales (just an example).

 

The Marketing group would have full access, or you could also control it using flags if needed.

Then, on the Power BI Service side, you set up distribution groups linked to your security groups. After that, publish your report via an app, create audiences for your Sales and Marketing teams, and match the distribution groups in Security to the corresponding audiences.






Any kudos or recognition appreciated. To learn more on the topic, check out my blog and follow me on LinkedIn.
Message 2 of 5
900 Views

Helpful resources

Announcements
Fabric Data Days is here Carousel

Fabric Data Days 2026

Don't miss out on Data Days, June 15 through August 7. Learn Fabric, Power BI, SQL, AI and more.

May Power BI Update Carousel

Power BI Monthly Update - May 2026

Check out the May 2026 Power BI update to learn about new features.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

View All