Hello guys, we are developing dashboards for individual department, for instance, one dashboard for sales departent, one for HR department, one for finance department, and one for planning department, etc. For each department, we allow the department head to view their departmental dashboard. However, the department head cannot see dashboard of other department. For the managment team, they are obviously eligible to view all department dashbords. We would like to see how a security design best fit for this requirement. We consider 2 options and please give us some advise which is best or bad. Or it may have option 3, 4, which I may not be aware of. Thank you.
Option 1 - Create O365 groups for each department and one for management group. Grant access to each dashboard to its department group and management group. Pros - easy management and easy understanding; cons - management team have a lots of dashboard in his/her dashboard list
Option 2 - Instead of create one dashboard one department, combine all reports to one big dashboards. That means one big dashboard and it has different reports for different departments. Use row-level security to control the access. Department A user can see dashboard of department A. However, even department A user can see the report for department B (because a big dashboard) but department A user has no row-level access so a blank department B report will show for department A user. Pros - one dashboard object for management team; cons - department user will have a big dashboard for all reports but most of reprot are blank becuase department user has right to see his/her department report only.
Option 3, 4 -????