How IT Learning Centre (ITLC) manages access for business units using self-service training data reports in Power BI (PBI)

This page pertains to self-service training data reports that IT Services provision. ITLC manages access to these reports on behalf of IT Services.
The scope of this page is to explain:

  1.  What reports (“apps” in Power BI) are available to data consumers
  2.  How can potential consumers request access or change their level of access
  3. What process does ITLC follow when granting access or changing access
  4. What types of groups and use cases does ITLC consider to have a legitimate interest

This page does not explain how ITLC collects data, how IT Services’ data warehouse processes that data, nor what happens once data consumers export reports from Power BI.

A potential data consumer can request access to one of three reports (“apps”):

Standard App provides access to training data for the required affiliation(s)/department(s)

Enhanced App provides access to training data for the required affiliation(s)/department(s), plus gender equality data; therefore is appropriate for an Athena Swan Administrator and other roles who need this specific data for reporting.

Training Provider App provides access for training administrators who use CoSy. It shows members across the University who have booked the courses that the requesting training provider hosts. This report has fuller detail than the reporting data available within CoSy.

All potential consumers complete a service request via OSM. This mechanism ensures that all requests are processed and logged in a standardised way. 

To complete a service request, the requestor must nominate a suitable approver from their department or division (e.g. Head of Administration and Finance) who can confirm they have local permission to see training data. Once local approval is given, ITLC reviews the request to ensure the potential consumer has a legitimate interest.

The process for changing or revoking access is to make a new service request. ITLC expects a consumer to complete a new service request if that consumer’s permissions change – for example, they move departments or leave the University. 

Here is a summary of how the ITLC manages service requests for new access; the process is intuitively similar for requests to change or revoke access.

  • The requestor submits a Service Request via OSM.
  • OMS sends a request to the approver 


  • Receives approved Service Request as a Task in OSM
  • Reviews the Service Request and queries any details if necessary
  • Checks that the department requested is in the department org structure API
  • If all is acceptable, adds the requester to the row security spreadsheet. This process gives the requester access to the data warehouse. The spreadsheet is updated in the data warehouse every 2 hours between 8.30 4.30 pm
  • Completes the task in OSM 
  • Adds the user to the appropriate Outlook group
  • The requestor receives two emails

1.    A fulfilment email from OSM giving details about how to access Power BI
2.    An email to say they have been added to a Group

The requester can then access Power BI and their requested report.

ITLC will approve use cases that satisfied two criteria:


Users from the following groups… Can request access for legitimate interests covered under the following points…  
  • Departmental HR admins 
  • Divisional HR admins 
  • Central UAS admins 
  • Departmental admin 
  • Divisional admins 
  • Athena Swan coordinators 
  • Training providers 
  • Information Compliance Team
  • a complete training record for everyone in a department, or a division, for a specific time period
  • training records for an individual, or for everyone in a department or a division, who has completed a specific course during a specific time period
  • headline figures for University staff who have completed a mandatory training course 
  • training data for a department combined with detail about trainees’ roles 
  • training data for a department combined with detail about trainees’ gender, year of study, academic course, etc. 
  • headline figures for an FOI request about University members who have completed a specific course, for example, Implicit Bias training



For example, ITLC will approve the following requests:
•    The Departmental Administrator in IT Services requests training records for his department to monitor the uptake of Info Compliance training and remind non-compliant staff.
•    The divisional Athena Swan coordinator for Medical Sciences requests training records for her division so that she can report to a regulator on equality of access to training at Oxford.

For the latest information about legitimate interests, visit Self-Service Training Data Records FAQ 

For access to ITLC’s privacy policy, visit Privacy policy 

For other questions, contact

  • ITLC is only responsible for assessing service requests and granting access to requestors with a legitimate interest. ITLC takes no responsibility for any downstream processing of data. 
  • As the data processor, you are responsible for ensuring you process data appropriately. Contact the Information Compliance Team if you do not understand your responsibilities.