Blog Post

Microsoft Security Blog
1 MIN READ

Grant users access to data assets through the Microsoft Purview Data owner policies API

inward-eye's avatar
inward-eye
Icon for Microsoft rankMicrosoft
Jul 06, 2023

Microsoft Purview Data owner policies is a cloud-based service that helps you provision access to data sources and datasets securely and at scale. Data owner policies exposes a REST API through which you can grant any Azure AD identity (user, group or service principal) Read or Modify access to a dataset or data resource. The scope for the access can range from fine-grained (e.g., Table or File) to broad (e.g., entire Azure Resource Group or Subscription). This API provides a consistent interface that abstracts the complexity of permissions for each type of data source. Data owner policies currently supports Azure Blob Storage, ADLS gen 2, Azure SQL Database, Azure SQL MI, SQL Server 2022 (via Azure Arc) as public preview. It also supports Cosmos DB in private preview.

 

More about Microsoft Purview Data policy app and the Data owner policies at these links:

 

If you would like to test drive the API, sign-up here to join the private preview.

Updated Jul 18, 2023
Version 2.0
  • GuillaumeB's avatar
    GuillaumeB
    Brass Contributor

    inward-eye I’m looking forward for Data Owner Policy integration with Fabric , any insight when it will be made available (Preview) ? Thanks

  • Hi Sean. Microsoft Purview Data owner policies currently integrates with Azure SQL Database, Azure SQL MI, SQL Server 2022 (Arc-enabled), Azure Storage (Blob and ADLS Gen2). In our roadmap we have Azure Cosmos DB, Fabric and support for 3rd party data sources. We will eventually get to integrate with Dynamics but it is not in our short term plans

  • Sean O'Farrell's avatar
    Sean O'Farrell
    Copper Contributor

    Are there any use cases, where this solution could be used to govern access to Microsoft Dynamics data sets? For example. A customer would like to tightly control a Microsoft Dynamics vendor that supports their Microsoft Dynamic's environment.

     

    Thanks

    Seán