Hey !
Im working through business requirement to share insights with external orgs via PBI service.
We use Apps typically to present content. Im in Technology but the business are the those creating the models / reports / Apps content.
Im proposing the following :
Separate Workspaces for external access - something of a ring-fence and to have clearly designated W/S for this purpose. Im pushing back against the business departments just 'applying audiences on the objects they already have' in their own domain / team workspaces
With a separate W/S I can design a process where a central governance team can QE the content, RLS and apply some sanity checks on what is being shared - Also makes it easier to recertify access if you know which workspaces are intended to have external access permissions.
The bit im stuggling with is what is the minimum set of artefacts i need in the dedicated W/S - Can I just have the App ? Would the external users (who will Entra guests) need any read permissions on the Models and Reports that Im proposing live in another W/S ?
Has anyone done this and achieved a level of control regarding security and governance rather than it being a free for all and having to mop up issues retrospectively ?