Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
pborah
Impactful Individual
Impactful Individual

Is there any other way to create access groups directly in service instead of using Azure AD?

This question/post relates more to the governance side of things in service.

 

I want to start by saying that I know within each app, you can create distinct "Audiences" with customized/selective view-access to reports and dashboards contained in that app. However I want to have groups that can be reusable across different apps and even testing workspaces.

 

We in the BI and data analytics team do not have full ownership of Power BI. We go as high as "Power BI Admin" in our team. O365 administration is handled by our infrastructure team, which is at times cumbersome when it comes to creating a new AD group that previously did not exist, for a newly deployed app. Not only is there often a delay, sometimes we even face sharp pushback. We really do not prefer adding individual emails for access control and would rather use groups. It would be nice if we were given the ability to create distribution lists in AD as per our needs but I also understand from the other team's point of view that managing and administering them will become difficult as the number of those groups goes up with time. As I understand, even creating O365 groups will require one to be an O365 admin.

 

So has anyone found an in-between solution to this?

2 ACCEPTED SOLUTIONS
GilbertQ
Super User
Super User

Hi @pborah 

 

And cook potentially look at creating office 365 groups through outlook?

 

Get started with Microsoft 365 Groups in Outlook - Microsoft Support





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

View solution in original post

v-denglli-msft
Community Support
Community Support

Thanks for the reply from GilbertQ, please allow me to provide another insight.
Hi @pborah ,

As a normal user, in addition to the way described by GilbertQ, you can also create M365 groups in two ways: by creating teams in Teams and by creating sites in Sharepoint.

Explaining Microsoft 365 Groups to your users - Microsoft 365 admin | Microsoft Learn


Best Regards,
Dengliang Li

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

6 REPLIES 6
GilbertQ
Super User
Super User

What you could do is I think that there is an Everyone group in Entra ID that you could use?





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

v-denglli-msft
Community Support
Community Support

Thanks for the reply from GilbertQ, please allow me to provide another insight.
Hi @pborah ,

As a normal user, in addition to the way described by GilbertQ, you can also create M365 groups in two ways: by creating teams in Teams and by creating sites in Sharepoint.

Explaining Microsoft 365 Groups to your users - Microsoft 365 admin | Microsoft Learn


Best Regards,
Dengliang Li

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Thank you @GilbertQ and @v-denglli-msft . This certainly works so I've accepted both your responses as solutions. However this morning my manager told me he is not that crazy about this solution. This is because besides user email, in our organization, we also have something called position codes. Let me explain -

 

Position code is related to the job and not the person. A person can move to different positions over time in the organization. Therefore we use position codes for access control and not user email. This way even if someone changes their job within the organization, we don't have to worry about going back to the app or AD group settings to update the access emails. Multiple in the same role will have the same position code inspite of having their own unique organizational emails and AAD accounts. Our AAD has a table/field for position codes. But thank you for your replies as this gives me something to work with in the future in case the need comes up.

Hi @pborah 

 

Just to let you know, you could create row level security based on the user's position code. So even though the user will log in with the email as they change their position code, there will then change what they can see dynamically.





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

pborah
Impactful Individual
Impactful Individual

Thank you @GilbertQ , I can see that working for a report/dashboard. Could you elaborate how this could work across the entire tenant?

GilbertQ
Super User
Super User

Hi @pborah 

 

And cook potentially look at creating office 365 groups through outlook?

 

Get started with Microsoft 365 Groups in Outlook - Microsoft Support





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

November Carousel

Fabric Community Update - November 2024

Find out what's new and trending in the Fabric Community.

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.