Forum Discussion
Microsoft Purview Roles for Data Consumers in a Data Mesh & Data Democratisation Environment
The model you outlined aligns well with a least-privilege approach for Data Mesh scenarios.
One thing worth validating is how your governance domains plan to handle sensitive data profiling. In many implementations, Data Profile Reader is restricted to data stewards or analysts because profiling can expose content patterns.
Apart from that, using Global Catalog Reader + Data Health Reader + Data Map read-only roles is a good baseline for most data consumers and keeps the experience consistent across the Unified Catalog.
It’s also a good idea to revisit the role mapping once you start onboarding more domains, since some will require additional constraints depending on regulatory requirements.
The Ask
Are these six roles the right ones to assign to Data Consumers to make sure they can browse the catalogue? Are there any more or roles that should not be used or needed?
Unified Catalog Settings
- Global Catalog Reader
Data Health Reader
Unified Catalog Governance Domain Roles
- Data Quality Reader
Data Profile Reader (Conditional)
Data Map Role Assignments
- Data Reader
Insights Reader