This blog is about security management, and it's meant for folks who are coming into the security management field with respect to POWER BI Administration.

We'll look at one of the security principles provided by Microsoft Azure in POWER BI, that a security manager needs to know and should have in their toolbox to help them manage and protect assets throughout the organization..

In this blog, we will be thinking as security technicians, looking from the bottom up and configuring Security Roles and making sure Users have the right permissions as per the policies, processes and procedures that we can use throughout the organization.

Plan Of Action for this Document–

We are going to create a new User - Test01 that needs View access in One of our workspaces – “Test”.

So rather than providing direct rights to the user in the workspace, we are going to create a Security Group – Test01 and add this user to the group – Test01. Now we would be mapping the newly Created Security Group with the workspace – Test with View permission.

The first step would be the identification of the Groups and Users that you want to have in your environment. Your objective should be to assign permissions to the group and then add the users as per requirement. This will help to manage the users from the top level as a collective asset rather than taking care of individual rights.

The below steps would guide you to create Users and Security Groups. Also, you would be able to add the users to the Security Groups and assign the Security Groups to the Workspaces with Proper permissions.

Creating POWER BI User–

1. Most of the admin and security features in POWER BI would be handled from the Azure admin portal Site. New Groups and Users would be done in the same way as well. Let’s see how can we create a New User

2. You would find all the existing Users and the option to create new user as well under the Active Users section.

3. Click on Add a User and Set up the Basics as required.

4. Provide product license. If you are using Pro version of Power BI, you would get the option to select POWER BI licenses for your new users that you can use.

5. Now you would be able to see the newly created User in the Active user’s section. Also, you can manage him as shown below from there.

Creating Security Group–

1. Same ways we will be using the POWER BI admin portal section for creating Security Groups too.

2. Please make sure to select option – Security if you are going to assign permission to your Group in the Workspaces.

Adding Users and providing Owner to Security Group–

1. We can provide Owner to the group that should be one of the admin users in the Organization. Similarly, we will add the other users which needs to the part of this group.

2. Finally, we will allocate this newly created Security Group to the workspace where Dashboards and Reports are present that those Users would like to fetch/Contribute.

Power BI functions by granting permissions to its users/Groups that allow them to access the application. Within them, there are various permissions for workspace reports which manage points of entry and access to the workspace itself.

There are four permissions that can be assigned to those users/Groups.

Viewer - these kinds of users can view and interact with reports and dashboards without changing their contents. They have the lowest level of control over the data and the report.

Contributor - Apart from being able to view and interact with reports and dashboards, this user type goes a step further by being able to create, edit, copy, and delete items in a workspace, publish reports, schedule refreshes, and modify gateways.

Member - As with the contributor user type above, this user type can do all that the preceding user types can do. In addition, the member user type can also feature dashboards on the service, share items, allow others to reshare items, and publish or republish. This role is also able to add other users to the viewer or contributor role.

Admin - This user type can carry out all functions of the previous user types as well as add and remove users including other admins.


Now we've come to the end of the blog and let's talk about what we've discussed. First, we looked at requirements at the organization level regarding the Users that need access on certain POWER BI reports and Dashboard. To manage all the Users at single shot, we categorized them under a Single Security Group and added them to that specific group. Now we provided required permissions to the Group rather than doing any configuration changes at the User level. We talked about information security relationships of Security Groups with the assigned Workspaces as per the Business goals and functions.

Thus, we finally achieved a security management program and considered related aspects of this process. This blog will certainly help you decide how to create and manage your security management program and deal with all the Security concepts provided by Microsoft such as Security Groups, User Management, Workspace-Group Relationships, roles and responsibilities.