Setting Up Purview and Assigning Roles

In this course, users will explore the suite of tools available in Microsoft Purview for registering and scanning data sources, connecting a business glossary, searching the data catalog, and customizing metadata with enrichments and classifications. In addition, this course will review some of the management and administrative functionality in Purview, including creating roles, managing authorizations, and using the Apache Atlas API for custom implementations. This course will also review deployment best practices and network security considerations. By completing this course, users will have a strong understanding of the suite of functionality currently available in Purview and how these tools support a larger governance initiative within an organization.  

Learning Objectives

  • Provision and install Microsoft Purview
  • Create and manage a role
  • Register and scan data sources
  • Create a business glossary
  • Enrich metadata with classifications
  • Review data lineage tooling
  • Understand deployment best practices
  • Take network security considerations into account

Intended Audience

This course is designed for individuals who are responsible for setting up, monitoring, or exploring data catalog and governance programs within their organization.  


To get the most from this course, you should have some familiarity and experience with governance tooling as well as a basic understanding of the Azure portal.


Setting up Purview and assigning roles. The prerequisites for setting up a Purview account are as follows. We need an Azure Active Directory tenant associated with our subscription. The user account that we are going to sign in to Azure with must be a member of the Contributor or Owner role and an administrator of the Azure subscription. And there must be no Azure policies preventing the creation of storage accounts or Event Hub namespaces, because Microsoft Purview will deploy a managed storage account and Event Hub when it is created. To create a Purview account from the Azure portal, we go to the Microsoft Purview accounts page. From here we select 'Create' to create a new Purview account.

Then we enter a Microsoft Purview account name. Spaces and symbols aren't allowed, and the name of the Purview account must be globally unique. Microsoft Purview is a platform as a service (PaaS) solution for data governance. Its accounts have public endpoints that are accessible through the Internet to connect to the service. However, all endpoints are secured through Azure Active Directory logins and role-based access control (RBAC). To access Purview, users are provided with one of numerous roles located on the collections pane of the data map. Let's take a look at the available roles in Purview. Collection administrator is a role for users that will need to assign roles to other users in Purview or manage collections.

Collection admins can add users to roles and collections where they are admins. They can also edit collections and their details, and add subcollections. Data curator is a role that provides access to the data catalog to manage assets, configure custom classifications, set up glossary terms, and view insights. Data curators can create, read, modify, move, and delete assets. They can also apply annotations to assets. Data readers are provided read-only access to data assets, classifications, classification rules, collections, and glossary terms. Data source administrator is a role that allows a user to manage data sources and scans.

If a user is granted only the Data source administrator role on a given data source, they can run new scans using an existing scan rule. To create new scan rules, the user must also be granted either the Data reader or the Data curator role. Policy author is a role that allows a user to view, update, and delete Purview policies through the policy management app within Purview. Workflow administrator is a role that allows a user to access the workflow authoring pane in the Microsoft Purview governance portal and publish workflows on collections where they have access permissions. A Workflow administrator only has access to authoring and will also need at least Data reader permission on a collection to be able to access the Purview catalog.
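The role combinations described above can be checked mechanically when reviewing who holds what on each collection. The following is an added example, not part of the course or of Purview itself: it audits a list of (principal, collection, role) assignments for the two gaps the lesson names and lists Collection administrators for review. The input layout, the finding names, the sample principals and the per-collection evaluation are assumptions of this example.

```python
from collections import defaultdict

# Role names as the lesson gives them.
ROLES = {
    "Collection administrator", "Data curator", "Data reader",
    "Data source administrator", "Policy author", "Workflow administrator",
}
CATALOG_ROLES = {"Data reader", "Data curator"}


def audit(assignments):
    """Return sorted (principal, collection, finding) tuples for an iterable of
    (principal, collection, role); each collection is evaluated on its own."""
    held = defaultdict(set)
    findings = set()
    for principal, collection, role in assignments:
        if role not in ROLES:
            findings.add((principal, collection, "UNKNOWN_ROLE"))
            continue
        held[(principal, collection)].add(role)

    for (principal, collection), roles in held.items():
        has_catalog = bool(roles & CATALOG_ROLES)
        # Data source admin alone: scans run only with existing scan rules.
        if "Data source administrator" in roles and not has_catalog:
            findings.add((principal, collection, "CANNOT_CREATE_SCAN_RULES"))
        # Workflow admin alone: authoring pane only, no catalog access.
        # Data curator is treated as "at least" Data reader (interpretation).
        if "Workflow administrator" in roles and not has_catalog:
            findings.add((principal, collection, "NO_CATALOG_ACCESS"))
        # Collection admins can grant roles to others: list for review.
        if "Collection administrator" in roles:
            findings.add((principal, collection, "REVIEW_CAN_ASSIGN_ROLES"))
    return sorted(findings)


# Constructed sample data; principals and collection names are hypothetical.
SAMPLE = [
    ("alice@example.com", "finance", "Collection administrator"),
    ("bob@example.com", "finance", "Data source administrator"),
    ("carol@example.com", "finance", "Data source administrator"),
    ("carol@example.com", "finance", "Data reader"),
    ("dave@example.com", "hr", "Workflow administrator"),
    ("dave@example.com", "finance", "Data reader"),
    ("erin@example.com", "hr", "Data Reader"),  # mis-cased name, not a role
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
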


About the Author

Steve is an experienced Solutions Architect with over 10 years of experience serving customers in the data and data engineering space. He has a proven track record of delivering solutions across a broad range of business areas that increase overall satisfaction and retention. He has worked across many industries, both public and private, and found many ways to drive the use of data and business intelligence tools to achieve business objectives. He is a persuasive communicator, presenter, and quite effective at building productive working relationships across all levels in the organization based on collegiality, transparency, and trust.