There are quite a few areas where Power BI can assign permissions. Below is a list of which permissions can be assigned by which Groups that are available in Power BI.

Explanation of Groups

  • Security Group
    • This is also known as an Active Directory Security Group. This group lives within Active Directory and Azure Active Directory. It is where you can create a Security group. In the Security Group you can assign users and other Security Groups within a group.
    • The Security Group is created in Active Directory or Azure Active Directory or Office 365 Admin Portal.
  • Office 365 Group
    • This group lives inside Office 365 and allows you to add users/people to this group. It is also used to create a shared workspace for people to collaborate.
    • The Office 365 Group is created within the Office 365 Admin Portal or Azure Active Directory
  • Distribution Group
    • This group can also be called and Distribution List. The Distribution Group is a group which contains a list of email addresses of members, all of whom will be sent an email when an email is sent to the distribution groups email address.
    • The Distribution Group can be created in the Azure Active Directory
  • Mail-Enabled Security Group
    • This group also contains a list of email addresses of members and can also be used to control access to OneDrive and SharePoint.
    • The Mail-Enabled Security Group can be created in the Office 365 Admin Portal

Below is an example from my tenant where I had already got the following groups created as shown below. I then went through all the area’s where the permissions could be added and tested to see which groups could be used.

Groups

  • Security (AD Security Group):
    • BNE Office
  • Office 365:
    • PBI@fourmoo.com
  • Distribution:
    • pbidatarefreshfail@fourmoo.com
  • Mail-enabled Security:

Settings Matrix

Below are which groups are applied to which area’s in Power BI

UPDATE (2020-04-03): Added Dataset Refresh Failure Notifications

UPDATE (2020-04-02): Additional App Workspace Permissions

UPDATE (2020-04-01): Gateway Administrators and Power BI Premium

A

As you can see there are only a few places where the Office 365 Group can be used.

The Security Group and the Mail-Enabled Security Group can be used everywhere.

Summary

As you can see from above it is good to know which groups can be used to assign permissions in the Power BI Service.

If there is anything I have missed, is wrong or needs updating please let me know via the comments section below.

Thanks for reading!

Addition Information (If you want to have a look)

In the section below is the actual screenshots where I did my testing to confirm which groups could be assigned the correct permissions.

Tenant Settings

From my understanding this can only use Security Groups and Mail-Enabled Security Groups

Security Group

Mail-enabled security groups

App Workspace Access

Security

Office 365

Distribution

Mail-Enabled Security

App Access

Security

Office 365

Distribution

Mail-Enabled Security

RLS – Security

Security

Distribution

Mail-Enabled Security

Dataset Access

Security

Distribution

Mail-Enabled Security

Report Sharing

Security

Distribution

Mail-Enabled Security

Dashboard Sharing

Security

Distribution

Mail-Enabled Security

Power BI – Which Groups can be used to set Permissions in Power BI

There are quite a few areas where Power BI can assign permissions. Below is a list of which permissions can be assigned by which Groups that are available in Power BI.

Explanation of Groups

  • Security Group
    • This is also known as an Active Directory Security Group. This group lives within Active Directory and Azure Active Directory. It is where you can create a Security group. In the Security Group you can assign users and other Security Groups within a group.
    • The Security Group is created in Active Directory or Azure Active Directory or Office 365 Admin Portal.
  • Office 365 Group
    • This group lives inside Office 365 and allows you to add users/people to this group. It is also used to create a shared workspace for people to collaborate.
    • The Office 365 Group is created within the Office 365 Admin Portal or Azure Active Directory
  • Distribution Group
    • This group can also be called and Distribution List. The Distribution Group is a group which contains a list of email addresses of members, all of whom will be sent an email when an email is sent to the distribution groups email address.
    • The Distribution Group can be created in the Azure Active Directory
  • Mail-Enabled Security Group
    • This group also contains a list of email addresses of members and can also be used to control access to OneDrive and SharePoint.
    • The Mail-Enabled Security Group can be created in the Office 365 Admin Portal

Below is an example from my tenant where I had already got the following groups created as shown below. I then went through all the area’s where the permissions could be added and tested to see which groups could be used.

Groups

  • Security (AD Security Group):
    • BNE Office
  • Office 365:
    • PBI@fourmoo.com
  • Distribution:
    • pbidatarefreshfail@fourmoo.com
  • Mail-enabled Security:

Settings Matrix

Below are which groups are applied to which area’s in Power BI

UPDATE (2020-04-03): Added Dataset Refresh Failure Notifications

UPDATE (2020-04-02): Added App Workspace Permissions

UPDATE (2020-04-01): Added Gateway Administrators and Power BI Premium

sdf

As you can see there are only a few places where the Office 365 Group can be used.

The Security Group and the Mail-Enabled Security Group can be used everywhere.

Summary

As you can see from above it is good to know which groups can be used to assign permissions in the Power BI Service.

If there is anything I have missed, is wrong or needs updating please let me know via the comments section below.

Thanks for reading!

Addition Information (If you want to have a look)

In the section below is the actual screenshots where I did my testing to confirm which groups could be assigned the correct permissions.

Tenant Settings

From my understanding this can only use Security Groups and Mail-Enabled Security Groups

Security Group

Mail-enabled security groups

App Workspace Access

Security

Office 365

Distribution

Mail-Enabled Security

App Access

Security

Office 365

Distribution

Mail-Enabled Security

RLS – Security

Security

Distribution

Mail-Enabled Security

Dataset Access

Security

Distribution

Mail-Enabled Security

Report Sharing

Security

Distribution

Mail-Enabled Security

Dashboard Sharing

Security

Distribution

Mail-Enabled Security

Power BI – Which Groups can be used to set Permissions in Power BI

There are quite a few areas where Power BI can assign permissions. Below is a list of which permissions can be assigned by which Groups that are available in Power BI.

Explanation of Groups

  • Security Group
    • This is also known as an Active Directory Security Group. This group lives within Active Directory and Azure Active Directory. It is where you can create a Security group. In the Security Group you can assign users and other Security Groups within a group.
    • The Security Group is created in Active Directory or Azure Active Directory or Office 365 Admin Portal.
  • Office 365 Group
    • This group lives inside Office 365 and allows you to add users/people to this group. It is also used to create a shared workspace for people to collaborate.
    • The Office 365 Group is created within the Office 365 Admin Portal or Azure Active Directory
  • Distribution Group
    • This group can also be called and Distribution List. The Distribution Group is a group which contains a list of email addresses of members, all of whom will be sent an email when an email is sent to the distribution groups email address.
    • The Distribution Group can be created in the Azure Active Directory
  • Mail-Enabled Security Group
    • This group also contains a list of email addresses of members and can also be used to control access to OneDrive and SharePoint.
    • The Mail-Enabled Security Group can be created in the Office 365 Admin Portal

Below is an example from my tenant where I had already got the following groups created as shown below. I then went through all the area’s where the permissions could be added and tested to see which groups could be used.

Groups

  • Security (AD Security Group):
    • BNE Office
  • Office 365:
    • PBI@fourmoo.com
  • Distribution:
    • pbidatarefreshfail@fourmoo.com
  • Mail-enabled Security:

Settings Matrix

Below are which groups are applied to which area’s in Power BI

UPDATE (2020-04-03): Added Dataset Refresh Failure Notifications

UPDATE (2020-04-02): Added App Workspace Permissions

UPDATE (2020-04-01): Added Gateway Administrators and Power BI Premium

As you can see there are only a few places where the Office 365 Group can be used.

The Security Group and the Mail-Enabled Security Group can be used everywhere.

Summary

As you can see from above it is good to know which groups can be used to assign permissions in the Power BI Service.

If there is anything I have missed, is wrong or needs updating please let me know via the comments section below.

Thanks for reading!

Addition Information (If you want to have a look)

In the section below is the actual screenshots where I did my testing to confirm which groups could be assigned the correct permissions.

Tenant Settings

From my understanding this can only use Security Groups and Mail-Enabled Security Groups

Security Group

Mail-enabled security groups

App Workspace Access

Security

Office 365

Distribution

Mail-Enabled Security

App Access

Security

Office 365

Distribution

Mail-Enabled Security

RLS – Security

Security

Distribution

Mail-Enabled Security

Dataset Access

Security

Distribution

Mail-Enabled Security

Report Sharing

Security

Distribution

Mail-Enabled Security

Dashboard Sharing

Security

Distribution

Mail-Enabled Security