Just like outstanding requests to assign app/workspace permission at a folder level within the app, we need to be able to give some users access to just individual dataflows without giving them access to the entire workspace that the dataflows are contained in.
Michael Nesbit commented
Not being able to granr permissions at the dataflow level defeats the other advantages of dataflows. We would like to have one copy of the dataflow instead of multiple copies just because of the security issue.
David Traynham commented
I agree. We need to be able to give users build or view permission to Dataflows like we can with Datasets. This will provide finer control on who can access what data within a Workspace without giving them the ability to create, update, or delete content within the Workspace. This will also reduce the number of workspaces that have to be created.
At the time of this comment, there is only security at the workplace scope for Dataflows. It would help to have the ability to secure at the following scopes:
1) Dataflow (model scope)
2) Dataflow Entity (table scope)
3) Entity Column
4) Entity Row
This is a requirement. Consider the following:
I am a data source owner and I want to democratize my data. I have been given a single Premium workspace and I would like to use it to triage dataflows to dataset developers spread across the organization. I create two dataflows:
1) HR DF
2) Ops DF
How do I share HR DF with HR so that the Ops folk cannot see it?
Jack Wells commented
This has come up recently for me. I have a dataflow in my division that it would be helpful to share with another team, but I don't want to share my whole workspace with them so they can access it. Indeed, they don't even need to see the whole dataflow, just a portion of it.
Adam S commented
This is one place power bi is really lacking. It great that Microsoft is trying to make information more accessible but there are data security structures that need to be supported. Not everyone should be able to see all data from a data sources, I should be able to have one master Dataflow which pulls all the data from a system, and then parse it into sub-flows based on what information each contributor\member is permitted to have access to.
Great suggestion! Now it seems I have to create different Workspaces each containing different Dataflows in order to control the access to them....