Hi Lucy ,
You need gather requirement's first from your BI Analytics manager and then try to set up security step by step. It's an iterative process and you will get there try to create few sample user's and play with it .
I.I will create a separate BI Group for each user's you think they only should have access to the data
2.You can set up project up level permission's once they are in the group
3.you can setup user level permissions for each workbook access
That's the way I believe you have more control of the BI Content .
Let me know how it works out .
You can make sure that every Project has a Project Owner and you make them responsible for maintaining permissions. Tell them you will only help maintain Projects that are Locked. Period.
I guess it depends on what you, as an admin, are allowed to control. The pros & cons vary from company to company. Where I work we don't even ask, the Project gets Locked. It is up to the Project Leader to change it to Managed. If questions are brought up then I downplay it, giving the negatives. The only time I recommend Managed is when permissions are truly varied and necessary (generally by my evaluation) as it's rare to have any developer know what's necessary versus what's wanted (I do have a couple devs who I trust to make the right decision).
When it comes to Sites beyond "Default" it's up to the Site Administrator to decide that. For us, the Site Admin. is responsible for their Site. Sites for us, though, are rare and used when the devs know what they're doing, create many reports and thus have several Projects, and have people come and go so often that it slows things down for them when they need to wait on the Server Admins. As far as I'm concerned, they are Server Admins but just for their Site (thus their Site role is Site Admin) and given all the responsibilities to maintain their Site, Projects, Users, etc. So for a non-Default site it's up to the Site Admin on how Projects are to be permission managed.
Thank you for your input, both.
I decided to go with Toby's advice and default each project to locked, then assign Project Leaders who are trusted to keep the projects secure.