BI governance is the set of policies, processes, and standards that determine who can publish analytics content, how data sources are certified, how access is controlled, and how content quality is maintained. This guide covers the components of a BI governance framework for enterprise Tableau and Power BI environments, from content certification to change management.
What BI Governance Is
BI governance is the combination of policies, processes, roles, and standards that determine how analytics content is created, published, validated, accessed, and maintained in an organisation. Without governance, BI environments accumulate technical debt: duplicate dashboards with conflicting numbers, unowned workbooks that nobody understands but everyone fears to delete, proliferating data sources with inconsistent definitions of the same metric, and security gaps where users have access to data they should not.
Governance is not bureaucracy for its own sake — it is the operational infrastructure that allows analytics to scale without becoming a liability.
Governance Framework Components
### 1. Content Lifecycle Management
Define how content moves from creation to retirement:
**Draft**: Content under development in a development project or workspace. Not accessible to end users. Uses dev data sources that may connect to non-production data.
**Certified / Promoted**: Content reviewed, validated against data sources, and explicitly approved for use. Certified content in Tableau is marked with the Certified badge; in Power BI, promoted or certified semantic models are marked in the workspace.
**Deprecated**: Content that has been superseded but not yet removed. Flagged to users that it will be removed on a specific date. Prevents immediate breakage for users who have not migrated to the replacement.
**Retired**: Content removed from the environment. Document what replaced it and when.
The lifecycle process requires defined roles: who creates (any analyst), who reviews for promotion to certified (data team lead or data steward), and who retires content (content owner or data team).
### 2. Data Source Governance
Data sources are more governed than workbooks — a single governed data source is used by many workbooks, so quality problems propagate broadly.
**Certified data sources**: In Tableau Server/Cloud, certify published data sources that meet quality standards — defined owner, known refresh schedule, documented field descriptions, validated business logic. Certified data sources appear differently in the data source connection dialog, signalling to authors that they are the approved source for that data domain.
**Published vs embedded extracts**: Centralise shared data sources as published data sources, not embedded extracts in individual workbooks. Embedded extracts create silent fragmentation — each workbook has its own copy of the data, each with slightly different logic and refresh schedules.
**Field documentation**: Document every field in a data source: business definition, calculation logic, source table and column, known limitations. This documentation travels with the data source and is accessible to authors in the authoring interface.
**Refresh schedules**: Define and enforce refresh schedules. Monitor refresh failures. A certified data source with unreliable refresh is a governance failure — users learn not to trust certified labels.
### 3. Access Control
Access control has two dimensions: who can access what content, and who can see what data within content.
**Content access** (Tableau): Projects control access. Users are assigned to groups; groups are granted project-level permissions (viewer, explorer, creator). Define a project hierarchy that reflects business units or data sensitivity classifications. Creator-level access (the ability to publish new content) should be restricted to trained analysts — open publishing rights lead to ungoverned proliferation.
**Data access** (Row-Level Security): Filter data within a workbook based on who is viewing it. In Tableau, RLS is implemented via user filters, user attributes, or data source filters that reference the viewer's username or group membership. In Power BI, RLS roles are defined on the semantic model and assigned to users or groups. Mandatory for any environment where different users should see different subsets of the same underlying data — regional managers seeing only their region, customers seeing only their account.
**Data sensitivity classification**: Tag data sources by sensitivity level (public, internal, confidential, restricted). Apply access control requirements that match the classification. Restricted data sources require explicit approval for access; internal data sources are open to all employees with business need.
### 4. Publishing Standards
Governance without standards produces certified content that is still inconsistent. Define minimum standards for content to qualify for certification:
**Data source**: Published shared data source — not embedded extract; refresh schedule defined and monitored.
**Design**: Adherence to the organisation's BI style guide — consistent colour palette, standard chart types for standard questions, consistent date range filter placement, descriptive titles that state the question the view answers.
**Documentation**: View title and description populated. Data source description and field documentation complete. Owner identified in the description or metadata.
**Testing**: Key metrics cross-validated against the authoritative source (financial system, CRM). Edge cases tested — empty date ranges, zero values, null handling.
**Certification review**: Data team lead reviews against the standards checklist before certifying. Review is documented, not assumed.
### 5. Ownership and Accountability
Every certified data source and every certified workbook must have a named owner — a person accountable for:
- Responding to questions about the content from users
- Updating the content when source data changes
- Refreshing or communicating when refresh schedules fail
- Initiating the retirement process when the content is superseded
Unowned content accumulates and degrades. Define what happens when an owner leaves the organisation — a designated successor or escalation to the data team lead.
### 6. Change Management and Communication
Users rely on certified content for business decisions. Changes to certified content require:
**Version control for data sources**: Maintain prior versions when changing calculated field definitions — allow users to validate that the change produces the expected impact on their workbooks.
**Change communication**: Notify workbook owners when a data source they depend on is being changed. Give them time to test the impact before the change is applied to production.
**Deprecation notice**: Before removing any certified content, publish a deprecation notice with: what is being deprecated, why, what replaces it, and when it will be removed. 30-day minimum notice for widely-used content.
### 7. Usage Monitoring and Cleanup
Unused content is governance debt. Monitor content usage using platform APIs:
**Tableau**: REST API and Tableau Server/Cloud admin views provide per-workbook and per-view usage counts, last access date, and owner information. Export to a governance dashboard that surfaces: content not accessed in 90 days, content with no owner set, data sources with failing refreshes.
**Power BI**: Activity API and Usage Metrics reports provide report and dataset usage statistics, last access dates, and workspace-level governance signals.
Conduct quarterly content reviews: identify content not accessed in 90 days, contact owners for confirmation of continued need, deprecate and retire confirmed unused content. Quarterly reviews prevent the accumulation of thousands of unused workbooks that makes the environment unnavigable.
Governance by Environment Size
**Small BI team (under 5 content creators)**: Basic published data sources, certified badge applied to core KPI dashboards, documented metric definitions in a shared document, monthly review for unused content. Formal certification process is overhead — focus on documentation and shared data sources.
**Mid-size (5-20 creators, enterprise data team)**: Full certification workflow with review checklist, project hierarchy with access control, RLS on sensitive content, quarterly cleanup reviews, data source field documentation in Tableau/Power BI metadata.
**Enterprise (20+ creators, regulated environment)**: Automated compliance reporting via REST API, change management process with approval workflow, integration with IT service management for access requests, formal data stewardship programme with business data stewards owning domain data sources.
Our managed BI services include governance framework design and implementation for Tableau and Power BI environments — contact us to discuss your BI governance requirements.
A former Microsoft data architect audits your data foundation, identifies your top priorities, and sends you a written plan. Free. No pitch.
Book a Call →