Articles

Nov 24 2016

Admin and Auditing in Power BI

Author: Ginger Grant Discussion: 2 Comments

On October 24, 2016 Microsoft has created a new access right in Office 365, the Power BI Admin. This means that no longer does one have to be a Office 365 Administrator, a role with a ton of rights which have nothing to do with Power BI to be a Power BI Administrator. To be a Power BI Adminstrator, the Office 365 Adminstrator needs to run a PowerShell script to make a user a Power BI Administrator. Just change the email address and run this script.

Add-MsolRoleMember -RoleMemberEmailAddress “user@useremailaddress.com" -RoleName "Power BI Service Administrator"

After running this script you will almost have everything you need to be a Power BI Administrator. The one thing that the newly minted Power BI Administrator cannot do is review the Audit Logs.

Audit Logs in Power BI

The Audit Logs are the third menu item in the Power BI Admin Portal. As you can tell by looking at a copy of the screen below, Audit Logs are not really part of Power BI. Yes the ability to log all of the content in Power BI exists in the Audit Logs, but so does the ability to review the audit logs for things like Exchange Mailbox Activities and User Administration Activities.

Power BI Admin Screen

If the Office 365 Administrator has granted a user Power BI Administration rights, this is what the newly minted Power BI Administrator will see when trying to access any search activities. It appears that you the user has rights, until that user tries to do anything on the screen. At that point, this error window appears.

error-message-for-power-bi

Granting a Power BI Administrator the ability to view Power BI Audit Logs

To view audit logs, additional Office 365 access features are required. I did not figure out a way to turn on the audit feature unless one already was an Office 365 Administrator. If you want to view the audit logs, the first step should be to find out if they are turned on, because the steps I am going to show won’t do that. Within the Office 365 Admin center, go to the Exchange admin center and select permissions.

office365portal

Select the user and then add two roles Compliance Management and Organization Management. It is also possible to create a new role with Compliance Manager rights and add the Audit Logs and View Only Audit Log permissions, since those are the required permissions. None of this has anything to do with Power BI, which means when the permissions granted, users will have the ability to see all of the audit logs. After the new role permissions have been applied, the error message will go away and users will have the ability to see activity logged in Power BI as well as all of the Power BI Administration features.

 

Yours Always

Ginger Grant

Data aficionado et SQL Raconteur