Skip to main content


PowerBI governance

The need for good PowerBI Governance

By Enterprise PowerBI No Comments
What do we need PowerBI Governance for? Well, PowerBI has come a long way in the past decade – and yes, it has been a decade. It was released way back in July 2011! What was a humble reporting tool is now a complex ecosystem of self service analytics, data management and artificial intelligence. While the advancements in themselves are great, with greater complexity comes a greater need to understand and manage it through PowerBI Governance, especially at the Enterprise scale.

What needs governing?

In my experience across a range of implementations there are 4 key areas that need formal management:

  • Data
  • Security
  • Platform
  • Users

I’ll run through each of these below in more detail.

PowerBI Governance – Data

PowerBI governance data

Depending on the size and maturity of the organisation, data governance may already be in place. If so, this part of the design of the PowerBI governance model is simple. The existing policy can directly inform your approach.

However if it is absent, then part of designing the governance model includes creating it. In the early part of a deployment lifecycle, where PowerBI reports are simple and departmental, accountability for data is often pretty simple; the department that creates the report knows data owners and can manage issues as they arise. However once the reach of PowerBI scales these links become less clear.

If you are managing PowerBI centrally in an organisation, and a data item is suspect, how does it the investigation process work? How does the organisation decide on where to allocates its limited development resources if demands from different areas are in contention? How do we prevent disparate teams duplicating efforts? Who is accountable for maintaining the data catalog that makes assets discoverable? Who decides who can see what data when it is discovered?

All these questions fall under Data Governance and answering them is critical to ensure a well managed self service analytics environment.

PowerBI Governance – Security


It is becoming cliché to say it, but data is a valuable asset. I’ve written before about the security risk associated with PowerBI desktop but like all data stores it has many attack surfaces and holes to leak from. Managing them correctly and actively is essential to prevent embarrassing and potentially expensive data leaks. As with all issues to do with governing technology risks, there are a mix of hard (technical) and soft (policy) tools you can bring to bear to the problem.

On the “hard” front are the platform level controls you can put in place. Some of these sit at a purely PowerBI level, such as the ability to limit insecure external sharing via publish to web. Other controls need the engagement of Azure administrators through deploying tools such as Azure information protection to keep an eye or lock on sensitive data.

On the “soft” front, giving education on the risks of data loss, costs of data leakage and how it happens is effective. It is not reasonable to expect untrained users to foresee the unexpected consequences of downloading and emailing a copy of a report. Most data breaches are caused by human error rather than any malicious activity. Education is key to this issue.

Thus the PowerBI platform needs to have basic guidelines established for its use, and then communicated around the organisation. It’s not a set and forget activity either – the technical environment and the business it serves changes. Once again, good ongoing governance is essential to keeping your platform and data secure.

PowerBI Governance – Platform


PowerBI is a complex beast. The admin portal overview page alone is now a half hour read! There are controls over the use of capacity, what is able to be shared and how, what visuals can be used and even how the portal can be customised to match your organisational branding. Then there are the requirements to monitor the platform for usage and capacity. This includes on-premise data gateways – which aren’t part of the services management capability.

On top of this is decisions to make around the usage and administration of Workspaces. End users should be given flexibility to self serve, but designing controls around data access is vital. Preventing scenarios like someone accidentally sharing HR reports with everyone’s salary details in them requires planning.

While it is IT’s role to administrate the platform, the data on it is a business asset and so the governance process needs to be a joint effort.

PowerBI Governance – Users


Last – but definitely not least – are the users of all this capability. Rolling out PowerBI across the enterprise means you need to support and enable the users through a managed program. How are you establishing your Centre of Excellence to ensure quality content gets built and delivered to stakeholders? How can you drive an internal PowerBI community to support the growing capability of self sufficient analysts? Who will design and manage the training program to the different audience types that need to be catered to?

Plus of course is the balance of how to licence everyone. Is PowerBI premium the right option, or can you get by on PowerBI Pro licences for now? What is the trigger to make the change?

Driving the platform to deliver value to the business is not something that will happen by accident. Data literacy is not a native skill to many workers. The process of infusing that in your business needs to be managed.


This article aims to highlight some of the key concerns in governing PowerBI across the four dimensions of Data, Platform, Security & Users. As you have undoubtedly been gathering there has been a growth in complexity of the ecosystem. This has led to a similar complexity in terms of how the platform and its use needs managing.

If you need to hit the fast forward button on all this, we can help. All this complexity falls under the first step in our PEBBLE Enterprise PowerBI methodology – Plan. Our PowerBI Governance framework addresses these concerns – and more. Please reach out if you would appreciate some help.