Forum Discussion
Microsoft Purview Roles for Data Consumers in a Data Mesh & Data Democratisation Environment
- Dec 01, 2025
The model you outlined aligns well with a least-privilege approach for Data Mesh scenarios.
One thing worth validating is how your governance domains plan to handle sensitive data profiling. In many implementations, Data Profile Reader is restricted to data stewards or analysts because profiling can expose content patterns.
Apart from that, using Global Catalog Reader + Data Health Reader + Data Map read-only roles is a good baseline for most data consumers and keeps the experience consistent across the Unified Catalog.
It’s also a good idea to revisit the role mapping once you start onboarding more domains, since some will require additional constraints depending on regulatory requirements.