henrywflaw
Regular Visitor

What is the best security design to share dashboards with individual dept heads and the management team

Hello guys, we are developing dashboards for individual departments, for instance, one dashboard for the sales department, one for the HR department, one for the finance department, and one for the planning department, etc. For each department, we allow the department head to view their departmental dashboard. However, the department head cannot see the dashboards of other departments. The management team is obviously eligible to view all department dashboards. We would like to see which security design best fits this requirement. We are considering 2 options; please give us some advice on which is best or bad. Or there may be an option 3 or 4 which I am not aware of. Thank you.

 

Option 1 - Create O365 groups for each department and one for the management group. Grant access to each dashboard to its department group and the management group. Pros - easy management and easy understanding; cons - the management team has a lot of dashboards in his/her dashboard list.

 

Option 2 - Instead of creating one dashboard per department, combine all reports into one big dashboard. That means one big dashboard that has different reports for different departments. Use row-level security to control the access. A department A user can see the dashboard of department A. However, even a department A user can see the report for department B (because it is one big dashboard), but the department A user has no row-level access, so a blank department B report will show for the department A user. Pros - one dashboard object for the management team; cons - a department user will have a big dashboard with all reports, but most of the reports are blank because the department user has the right to see his/her department report only.

 

Option 3, 4 -????

1 ACCEPTED SOLUTION
ankitpatira
Community Champion

@henrywflaw 

 

Option 3 - What I would do is create group workspace for each department only (not management) and add members of management to each of those groups. So you end up with 4 groups for each department and management can go to any group they want to see dashboard for. Obviously there is no clear do this or that answer here as it depends on your requirement. 

 

Option 4 - Publish the pbix file to one group workspace. Then in that group workspace create dashboards for each department and publish them as content packs shared with the people of each department, i.e. create content pack HR with the HR dashboard, report and dataset, shared with people belonging to the HR department. Then those people go to their personal workspace -> Get Data -> My organisation -> Get content pack and they will only see the HR content pack.

 

I think option 4 would suit best in my opinion to distribute dashboards and reports this way.  RLS is also good as it means you have less development (less number of pbix) files to develop. You have one pbix file that gets published to one group workspace and everyone sees that depending on their access level.

 

There is no best / worst option here as it depends on your requirements / future roadmap and the approach you're most comfortable with.


3 REPLIES 3
v-haibl-msft
Microsoft

I also prefer the option 4 provided by ankitpatira. It should be able to meet your requirements.

 

Best Regards,

Herbert

Do they have to use the same data model? One thing I advise organizations to consider is the use of many small data models instead of one big one for everyone. Reporting requirements change often and typically diverge between organizations. I'd personally lean toward Option 1. However, the use of groups requires a Power BI pro license for all users. You've not mentioned the licensing yet in your proposal so I thought I'd bring that up.

 

If you go the small focused model route, you can share each model directly with your target audience, without using Groups. This would allow the use of the free license. 

 

Hopefully this gives you some ideas to consider.

  

Treb Gatte | Business Solutions MVP | Power BI Recordings | @tgatte | Blog 
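
Option 3 relies on management being added to every department group by hand, so actual membership can drift from the intended policy. The following is an added example, not code from any poster in this thread, that audits a membership export against that policy; the addresses, the export layout and the rule that each workspace should contain only its department head plus management are assumptions.

```python
"""Audit per-department workspace membership (the Option 3 layout)."""

# Constructed sample data: all names and the export layout are assumptions.
DEPT_HEADS = {
    "Sales": "sales.head@example.com",
    "HR": "hr.head@example.com",
    "Finance": "fin.head@example.com",
    "Planning": "plan.head@example.com",
}
MANAGEMENT = {"ceo@example.com", "coo@example.com"}

# Workspace -> current members, as an administrator might export them.
WORKSPACE_MEMBERS = {
    "Sales": {"sales.head@example.com", "ceo@example.com", "coo@example.com"},
    "HR": {"hr.head@example.com", "ceo@example.com"},  # coo never added
    "Finance": {"fin.head@example.com", "ceo@example.com", "coo@example.com",
                "sales.head@example.com"},  # another department's head
    "Planning": {"plan.head@example.com", "ceo@example.com", "coo@example.com",
                 "Intern@Example.com"},  # principal outside the policy
}


def norm(upn):
    """Sign-in names are compared case-insensitively."""
    return upn.strip().lower()


def audit(workspaces, heads, management):
    """Return sorted (workspace, principal, finding) tuples."""
    heads_n = {dept: norm(u) for dept, u in heads.items()}
    mgmt_n = {norm(u) for u in management}
    head_of = {u: dept for dept, u in heads_n.items()}
    findings = []
    for dept, members in workspaces.items():
        members_n = {norm(m) for m in members}
        allowed = set(mgmt_n)
        if dept in heads_n:
            allowed.add(heads_n[dept])
        for m in members_n - allowed:
            kind = "cross-department" if m in head_of else "unexpected"
            findings.append((dept, m, kind))
        for m in allowed - members_n:
            findings.append((dept, m, "missing"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(WORKSPACE_MEMBERS, DEPT_HEADS, MANAGEMENT):
        print(*finding, sep="\t")
```

The same check applies to Option 1 if the management group is treated as one more principal that every dashboard must list.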
