Home
Case Studies
Power BI Governance Case Study: UK Charity - Framework for Security, Data Architecture & Self-Service Analytics

Power BI Governance Case Study: UK Charity - Framework for Security, Data Architecture & Self-Service Analytics

a clock icon in a circle
4
 min
an image of a yellow cube on a white backgrounda blue hexagonal object on a white background

How We Delivered a Power BI Governance Framework for a UK Charity

A UK charity with a growing Power BI estate needed to strengthen security and governance across their environment. As Power BI adoption had expanded organically across teams, gaps had emerged in workspace structure, row-level security, licensing allocation and semantic model ownership - raising questions about data access, long-term scalability and readiness for wider rollout. Our proven Power BI governance methodology gave the charity the clarity, structure and roadmap they needed to move forward with confidence.

The Challenge: Establishing a Power BI Governance Framework at Scale

Like many organisations that have adopted Power BI quickly, the charity's environment had grown organically as different teams built reports to meet immediate needs. With ambitions to enable safe self-service analytics and demonstrate strong data controls to internal and external stakeholders, leadership wanted to get ahead of the common governance challenges we see across organisations of this size - before they became blockers.

Common Power BI governance challenges we address in engagements like this:

  • Workspace structures that have grown organically over time, without a consistent standard for naming, ownership or access.
  • Security models that rely on workspace-level access alone, without row-level security (RLS) or object-level security (OLS) in place for sensitive data.
  • Semantic model ownership that has become unclear as reports have been built on top of each other, creating hidden dependencies.
  • Licensing allocation, particularly Premium Per User (PPU), that has been assigned reactively rather than planned against actual usage and cost efficiency.
  • No defined pathway for enabling self-service report authors without compromising governance standards.
  • Limited documentation around workspace roles, Entra (Azure AD) group usage, app audiences, org apps and dataset certification.

The internal sponsor wanted a tailored framework that addressed these areas proactively and created a sustainable foundation for the charity's long-term data strategy.

Our Solution: Tailored Power BI Governance Framework & Roadmap

Discovery & Stakeholder Engagement

We applied our proven Power BI governance methodology - refined across many organisations - to build a complete picture of the charity's current state and future ambitions. We engaged with the right stakeholders across IT, data, finance, programmes and executive leadership to understand where the real challenges were, how Power BI was being used day to day and where the organisation wanted to be in the short, medium and long term. This discovery phase ensured every recommendation was grounded in the charity's reality, not a generic template.

Tailored Power BI Framework & Data Architecture

We designed a Power BI framework covering Power BI workspaces, Power BI app strategy, audience configuration and org apps - aligned with Microsoft best practices and tailored to the charity's scale and team structure. Alongside this, we defined a data architecture across two horizons: a short-term design that could be implemented with existing resources and a long-term Microsfot Fabric architecture showing how the environment could evolve as data maturity grew. This dual-horizon approach ensured the charity didn't over-engineer early and didn't hit scalability ceilings later.

Security Model: RLS, OLS, Workspace Roles & Entra Groups

We established a layered Power BI security model covering row-level security (RLS), object-level security (OLS), workspace roles and Entra (Azure AD) group-based access management. Given that charities typically hold sensitive beneficiary and financial data, the model was designed to be secure - with clear mappings between Entra groups, Power BI workspace roles and dataset-level permissions. This removed ambiguity over who could access what and created an audit trail that could be reviewed at any time.

Governed Semantic Models & Self-Service Enablement

We assisted in establishing governed, controlled semantic models as the foundation for trusted reporting. Rather than allowing every report author to build their own dataset/model, we defined standards for certified datasets, naming conventions, ownership and endorsement. This gave the charity a clear path to enabling self-service analytics safely - with documented prerequisites that teams needed to meet before being granted authoring permissions. Users were empowered in the right way: with trusted data, clear boundaries and the training to work within them.

Licensing & Cost Analysis

We completed a full review of the charity's Premium Per User (PPU) licensing setup, analysing actual usage, workspace allocation and cost efficiency. Our analysis identified where PPU was genuinely needed versus where Pro licences would suffice, and provided a forward-looking cost model aligned with the charity's growth plans. We explored when it would make sense to look into F-SKUs starting with lower F-SKUs for other MS Fabric workloads when the time is right.

Delivery Roadmap & Risk Analysis

We delivered a detailed implementation roadmap that gave the charity a complete picture of what needed to happen, when, and who was responsible. Each recommendation was broken into clearly defined phases, with every item scoped, sequenced and assigned to specific owners - whether internal IT, the data team or external partners. Each phase included prerequisites that needed to be in place before work began, estimated effort, dependencies on other workstreams and a risk analysis covering what could go wrong and how to mitigate it.

This level of detail gave the charity:

  • Clarity on exactly what needed to be implemented and in what order, removing months of uncertainty around priorities.
  • Foundational understanding of the preparatory work that had to be completed before any implementation could begin safely.
  • Confidence in resourcing and timelines, with realistic effort estimates rather than assumptions.
  • A robust risk analysis that surfaced potential issues early rather than mid-project, allowing decisions to be made before they became problems.
  • A shared reference point for leadership, IT and auditors - so every stakeholder was working from the same plan, in the same language.
  • A defensible business case, making it easier for the internal sponsor to secure sign-off on the programme.

The roadmap transformed what had been a vague governance problem into a structured programme the leadership team could understand, approve and track - giving the charity a clear plan for everything that would follow.

Technology, Features & Methodology Used

Power BI Service, Power BI Desktop, Power BI Premium Per User (PPU), Row-Level Security (RLS), Object-Level Security (OLS), Workspace Roles, Entra (Azure AD) Groups, Power BI Apps & Audiences, Org Apps, Certified Semantic Models, Dataset Endorsement, Power BI Governance Framework Methodology, Measure Killer, DAX Studio.

Outcomes & Impact

The solution we delivered provided the charity with:

  • A secure and governed Power BI environment with documented security, access and ownership controls.
  • A tailored Power BI governance framework covering workspaces, apps, audiences, org apps, workspace roles and Entra group integration.
  • A layered security model using RLS, OLS and workspace roles aligned with sensitive data handling requirements.
  • Governed, certified semantic models forming a trusted foundation for self-service analytics.
  • A short-term and long-term data architecture giving the charity room to grow without re-work.
  • A licensing and cost analysis that optimised Premium Per User (PPU) allocation against charity budget constraints.
  • A clear, phased roadmap sequencing every recommendation with owners, prerequisites, effort and risks.
  • A defined path to safely enabling self-service analytics without compromising governance standards.
Frequently Asked Questions

The answers to your questions.

Discuss My Project
We’ll never share your info with anyone
Are the governance tiers provided customisable?
a close up of a white arrow pointing to the right

Absolutely. We tailor each Power BI governance strategy to suit your goals, whether you're implementing a corporate BI framework or empowering departments with self-service BI. We also adjust based on your Power BI usage - whether you use Power BI Pro, Premium Per User (PPU), Premium capacity (MS Fabric) or Embedded.

What does a Power BI governance framework include?
a close up of a white arrow pointing to the right

A Power BI governance framework is a documented set of standards covering workspace structure, security, semantic model ownership, licensing allocation and user enablement. A complete framework typically defines workspace roles, Entra (Azure AD) group integration, row-level security (RLS), object-level security (OLS), app and audience strategy, org apps, certified semantic models, naming conventions and a roadmap for enabling self-service analytics safely. The goal is to give organisations control over how Power BI and MS Fabric is used at scale, without stifling the teams who rely on it. It gives organisations the confidence and the foundation they need to avoid all the common and costly challenges.

What is the difference between row-level security (RLS) and object-level security (OLS) in Power BI?
a close up of a white arrow pointing to the right

Row-level security (RLS) and object-level security (OLS) are two complementary layers in a Power BI security model. RLS filters which rows of a table a user can see — for example, a regional manager seeing only their region's sales. OLS restricts visibility of entire tables or columns, so some users never see sensitive fields at all, such as salary or personal data. Most mature Power BI security models combine RLS, OLS, workspace roles and Entra (Azure AD) group-based access to control exposure across every layer.

When should an organisation move from Power BI Premium Per User (PPU) to Microsoft Fabric F-SKUs?
a close up of a white arrow pointing to the right

Moving from Power BI Premium Per User (PPU) to a Microsoft Fabric capacity (F-SKU) typically makes sense when PPU total licence costs approach the price of an F64-SKU, when the organisation needs capacity-based workloads beyond reporting such as data engineering or data warehousing, or when more advanced Fabric features are required. We recommend starting with a lower F-SKU and scaling up as workloads justify it, rather than over-provisioning early.

How can organisations enable Power BI self-service without losing governance control?
a close up of a white arrow pointing to the right

Safe Power BI self-service is built on governed, certified semantic models that act as a trusted data foundation for report authors. We define standards for dataset certification, ownership, naming conventions and endorsement, along with documented prerequisites that teams must meet before being granted authoring permissions. This lets users build their own reports on trusted data without undermining the governance framework around them.

What are certified semantic models in Power BI, and why do they matter for governance?
a close up of a white arrow pointing to the right

A certified semantic model in Power BI is a dataset that has been formally endorsed by an organisation as the trusted, authoritative version for a given business domain — for example, a single certified finance model or HR model. Certification signals to report authors that they can build on this dataset with confidence, and appears visibly in the Power BI Service. In governance terms, certified models prevent the sprawl of competing datasets with conflicting logic, and are the foundation for safely enabling self-service analytics at scale.

What is the difference between a Power BI workspace, app and org app?
a close up of a white arrow pointing to the right

In Power BI, a workspace is a development and collaboration area where report authors build and manage content. A Power BI app is a packaged, audience-tailored view of selected content from a workspace, published for consumers who don't need editing access. An org app takes this further by being automatically available to everyone in the organisation, making it the right distribution method for content intended for wide internal consumption. Effective governance requires clear rules on when to use each - workspaces for building, apps for distribution, org apps for organisation-wide reach.

Govern your Power BI Estate

Discuss my Project
We’ll never share your info with anyone
a close up of a group of colorful colored pencils

Read our other case studies

Power BI Case Study: UK Charity Transformation - From Manual Excel Reporting to Automated Power BI Dashboards
a clock icon in a circle
5
 min

Power BI Case Study: UK Charity Transformation - From Manual Excel Reporting to Automated Power BI Dashboards