If you have been following this series, you know how to perform a data assessment framework and create a data strategy roadmap to get the most out of Power BI. But your effort will only pay off if people trust the data and know what the analytics mean.
Getting there is a high-touch effort. Even simple data literacy forces people outside their comfort zones, and they’re going to need a lot of direct support. Most organizations tackle that problem with some initiative that loosely falls under the rubric of “data governance.”
Data governance is a beast of a topic. Lines around it are not clear cut and each organization defines it differently. For an enterprise deployment of Power BI, data governance is just one pillar of several.
We’ll write more about enterprise deployment in upcoming blogs—in the meantime, Microsoft has a definitive white paper on the topic that you can download here. For now, we’ll limit our comments about governance to security (both row-level and Workspace level), deployment and source control policies, data classification, tenant admin set up, and of course, the people factor.
Collectively you can think of these as the components of a Power BI data governance framework.
What is a Data Governance Framework?
Data governance is a discipline. A data governance framework helps with that discipline.
A data governance framework organizes and streamlines processes. It establishes rules on how an organization should collect, store, and use data. It enables the organization to manage rapid growth in data volumes while staying compliant with regulations, democratizing data, and facilitating collaboration.
Challenges to getting a first-rate governance framework in place are both people and structure-based. These include:
- Lack of commitment to the effort.
- Data overload, especially with the increase in unstructured data.
- Lack of clear ownership or RACI (Responsible, Accountable, Consulted, Informed).
- Lack of balance between standardization and flexibility.
- Clunky processes and a difficult-to-navigate BI environment.
Overcoming these challenges won’t be easy. But it will be easier if you are deliberate about it. The shortest path away from data chaos is to establish a data governance framework. If Power BI is your tool of choice, then you’ll want a Power BI-specific framework, the outline of which we give below.
How To Create an Effective Power BI Data Governance Framework
There’s no one-size-fits-all data governance model. To create a framework that works for your organization, start with these core data governance principles.
1. Identify Your Power BI Delivery Approach
There are three archetypes for delivering and controlling access to data and reporting. We rarely see any of these purely executed. Generally, all business intelligence (BI) projects happen somewhere on the spectrum. But this bucketing makes the concepts easier to think about.
Business-led: An approach that emphasizes speed of execution, freedom on the part of the business users, and avoidance of IT-generated bottlenecks.
IT managed self-service: A blended/managed approach that uses only governed data sources in reporting.
Corporate BI: A tightly controlled IT approach in which business users consume reports published by IT.
After you figure out which of these buckets you fall into, you need to find the right tools to make them work.
Which tools you inherit (or need to get) will be a function of how much data you process, how complex that data is, and how difficult it is to integrate from multiple sources. The larger the company, the more complicated this is.
If you work for a large enterprise you may have separate tools for every stage of data processing—ingestion, transformation, presentation. If that’s the case, there’s no shortcut…you need to learn each of those tools, how they control user access and permissions, and how to back up the scripts and code associated with any code processing. You’ll also need to figure out best practices for deployment (Dev, Test, and Prod).
If, on the other hand, you are a smaller organization planning on using Power BI as your Swiss army knife, your job is easier. You need to understand the features of the Power BI platform (Service and Desktop) and the third-party tools that support it (DAX Studio, Tabular Editor, ALM Toolkit). We give you a starter kit for understanding those below.
2. Control Access with Tenant Admin Settings, Workspace Setup, and RLS
Power BI is a robust platform with many features. Where to begin?
Power BI Administration
Set up your Power BI tenant settings (something only an admin can do) with an eye for governance. Microsoft makes it easy because many of the checkbox settings are all about “who can see what and under what circumstances.” Your tenant settings will address questions such as:
- Who can export data? And to which tools?
- What are the data sensitivity labels?
- Who can create and access workspaces?
You are likely to change your settings as Power BI adoption takes shape in the organization. For example, IT may control workspace creation until the basic framework is established and transitioned to business. The key is to make sure that someone is always in charge.
Workspace/Apps Setup
Next, define the themes and structures of your workspace/apps in Power BI. This isn’t as easy as it sounds. Should you:
- Set up Workspaces based on topics—Purchasing, Inventory Control, Receivables Management?
- Set up Workspaces based on departments—HR, Sales, Marketing?
- Let people see multiple workspaces?
- Have exec-level workspaces where tools from the department-based or topic-based workspaces get duplicated?
People will fight about this. Your best strategy is to make your decisions policy-based and be transparent about how permissions are granted. The great thing about Workspaces is that it’s easy to blow them up and start all over, so you have the chance to experiment and figure out what works.
- Establish policies and permissions on how they are created, why they are created, and who gets access.
- Create a matrix to map workspace types against organizational unit types to gain a bird’s-eye view.
Dataset Certification and Sensitivity Labeling
The most important decision you make around governance in the Power BI data governance framework is whether you will rely primarily on shared and certified datasets. We highly recommend this.
These models are your “semantic” layer, which is an awkward word for “the layer where the data quality is good, the measures are right, the language is understandable, and the business logic is what we’ve all agreed to.” Note that you can also build these tabular models using Analysis Services, either Azure Analysis Services or SQL Server Analysis Services (on-premise).
These semantic models form the basis for “live-connect” .pbix files that business users can easily build. Building the semantic model takes skills way beyond most business users (DAX, an understanding of dimensional modeling, Power Query).
Once built, these semantic models serve a host of purposes. They can be used in Excel as well as .pbix format. Further, they can be promoted to different levels of “trust-ability,” which is how they end up with the name “Certified Datasets.” As a side note, the certification level needs to get assigned by credentialed groups. If you don’t already have one, establish a governance committee responsible for the certification process.
The governance committee also owns the process of sensitivity labeling, which documents what data is sensitive and at what level. It’s part of Microsoft Information Protection, which allows organizations to classify, label, and protect data according to the level of sensitivity.
Row-Level Security vs. Workspace Security
Ideally, you don’t want to build more than a handful of “mothership” data models — the ones that become your Certified Datasets. But not everyone should be able to see everything in those models.
Row-Level Security (RLS) allows you to restrict data access for specific users with filters for roles, rules, and assignments. RLS ranges from relatively straightforward to incredibly complex.
Start by identifying the audiences within your organization and their data access needs. Then, define which data each audience can view or edit. You will need to dig deep if you have complicated RLS, but it will be well worth it.
Workspace security is typically the first layer of security and vastly simpler to implement than RLS. The problem is, workspaces tend to proliferate, especially if they are the main way people control who sees what.
The data governance committee should be vigilant about this issue, as who decides what workspaces get to be created will probably be a sensitive topic in any organization.
Deployment Pipelines and Lack of Source Control
Use deployment pipelines to develop and test Power BI content (i.e. reports, paginated reports, dashboards, and datasets) in the Power BI Service before it’s consumed by users to ensure that the i’s are dotted and t’s are crossed.
Keep in mind that Power BI Service doesn’t offer source control. You can use OneDrive, Sharepoint, or GitHub to create a version control repository. Make sure you have communicated a clean process to saving files and publishing them to Power BI Service without breaking core datasets or reports.
3. Make Sure Your Governance Framework Aligns with Your Data Strategy
Your data governance framework will evolve and change alongside your organization’s structure. To ensure that it’s supporting your overarching business goal, it must align with your data strategy roadmap.
A solid data strategy roadmap supports accurate decision-making, predicts and mitigates risks, identifies fraud, improves customer experience, increases cost-efficiency, drives sales, and boosts productivity. Naturally, your data governance framework should work within that strategy to continually overcome data challenges and improve data performance.
4. Take Advantage of XMLA Endpoints with Power BI Premium
To manage and audit Power BI datasets for governance, make sure to take advantage of robust data toolsets like SQL Server Management Studio, Azure DevOps, and SQL Server Profiler via the XMLA endpoints, which are available only to Power BI Premium Workspace developers and supported by Power BI Embedded workspaces.
XMLA endpoints are making it much easier to script dataset metadata to create, modify, or delete model roles, set Row-Level Security (RLS) filters, and set memberships for Azure Active Directory (AAD) users. Furthermore, you can connect other data visualization tools that support XMLA end-points (cough, cough…Tableau) to make the most of your Power BI datasets as a single source of truth.
5. Rally Your Teams Around Data Governance
Last but not least, data governance is a distributed responsibility. It’s important to rally your teams around realistic goals as you take a pragmatic and collaborative approach to implement Power BI, so you can ensure company-wide adoption.
See how we can help you accomplish strong data governance protocols with our data strategy services and effectively deploy Power BI in your enterprise.