Microsoft Purview Unified Catalog – Draft Data Product Visibility (RBAC)

I have three Entra ID security groups that must be able to see all data products across the estate, including Draft, Unpublished, Published, and Retired:

Purview.Admin.Team
Purview.Data.Governance
Purview.Data.Architecture.Team
 

What I tested

I tested assigning these groups to the available Microsoft Purview Unified Catalog roles at both application and governance‑domain scope, including

• Global Catalog Reader / domain reader roles
• Governance Domain Owner
• Data Governance Administrator
• Data Product Owner
• Data Steward
   

Observed results

• Reader roles and Data Governance Administrator allowed users to see the list of data products but not Draft / Unpublished items.
• Governance Domain Owner and Data Product Owner allowed draft visibility but grant ownership/control.
• Only assigning the groups as Data Steward on each governance domain consistently allowed visibility of all data product lifecycle states (Draft, Unpublished, Published, Retired) without granting ownership.
   

Current understanding

• Draft and Unpublished data products are only visible to users assigned domain‑level governance roles
• Data Steward is the least‑privileged role that provides draft visibility
• To achieve estate‑wide draft visibility, the groups must be assigned as Data Steward on every governance domain
• Application‑level roles alone (including Data Governance Administrator) are insufficient
   

Question (seeking confirmation)

Is this understanding and solution correct and aligned with Microsoft’s intended Purview Unified Catalog RBAC design, or is there an alternative supported way to provide read‑only draft data product visibility without assigning Data Steward per governance domain?