Power BI – Which Groups can be used to set Permissions in Power BI
There are quite a few areas where Power BI can assign permissions. Below is a list of which permissions can be assigned by which Groups that are available in Power BI.
Explanation of Groups
- Security Group
- This is also known as an Active Directory Security Group. This group lives within Active Directory and Azure Active Directory. It is where you can create a Security group. In the Security Group you can assign users and other Security Groups within a group.
- The Security Group is created in Active Directory or Azure Active Directory or Office 365 Admin Portal.
- Office 365 Group
- This group lives inside Office 365 and allows you to add users/people to this group. It is also used to create a shared workspace for people to collaborate.
- The Office 365 Group is created within the Office 365 Admin Portal or Azure Active Directory
- Distribution Group
- This group can also be called and Distribution List. The Distribution Group is a group which contains a list of email addresses of members, all of whom will be sent an email when an email is sent to the distribution groups email address.
- The Distribution Group can be created in the Azure Active Directory
- Mail-Enabled Security Group
- This group also contains a list of email addresses of members and can also be used to control access to OneDrive and SharePoint.
- The Mail-Enabled Security Group can be created in the Office 365 Admin Portal
Below is an example from my tenant where I had already got the following groups created as shown below. I then went through all the area’s where the permissions could be added and tested to see which groups could be used.
- Security (AD Security Group):
- BNE Office
- Office 365:
- Mail-enabled Security:
Below are which groups are applied to which area’s in Power BI
UPDATE (2020-04-03): Added Dataset Refresh Failure Notifications
UPDATE (2020-04-02): Additional App Workspace Permissions
UPDATE (2020-04-01): Gateway Administrators and Power BI Premium
As you can see there are only a few places where the Office 365 Group can be used.
The Security Group and the Mail-Enabled Security Group can be used everywhere.
As you can see from above it is good to know which groups can be used to assign permissions in the Power BI Service.
If there is anything I have missed, is wrong or needs updating please let me know via the comments section below.
Thanks for reading!
Addition Information (If you want to have a look)
In the section below is the actual screenshots where I did my testing to confirm which groups could be assigned the correct permissions.
From my understanding this can only use Security Groups and Mail-Enabled Security Groups
Mail-enabled security groups
App Workspace Access
RLS – Security