Forum Discussion

Sergio_Londono's avatar
Sergio_Londono
Copper Contributor
Jun 03, 2025

Purview Data Governance: Grant access to business consumers search Unified Catalog "Data products"

Hello Team, I am in Microsoft purview as regular users (business Consumer) to search in Unified Catalog for organization data associated to customers. The administrator told me they granted me the ...
data catalog
data product
Governance Domain
Unified catalog
Rik's avatar
Rik
Brass Contributor
Jun 05, 2025

If you grant any user the local catalog reader on a Governance Domain, no other users than users with local catalog reader permissions on that specific Governance Domain will be able to see anything in that domain.

 

My advice: Delete all local catalog reader permissions on all Governance Domains, only grant Global Catalog Reader permissions (this permissions can be found in 'settings'). 

 

Now every user with global catalog reader permissions will be able to see every dataproduct. Want to make a Governance Domain and it's data products invisible to others again? Only then you should apply local catalog reader permissions again to that specific domain.

 

In my organization we have 0 Governance Domains that are secret. Anyone is allowed to know, at least on metadata level, what data others domain have. 

  • Sergio_Londono's avatar
    Sergio_Londono
    Copper Contributor
    Jun 06, 2025

    Hello Rik​ 

    Thanks you for your quick reply, Yes, I added the user with the "Global Catalog Reader" Unified role at: Purview>Settings>Unified Catalog>Roles and permissions

    However, the issue I am facing is related the "Local Catalog Reader", in this case, I want allow access to highly restricted governance domain to specific users, not to everyone.

    In theory, when I grant the "Local Catalog Reader" to specific users: no other members in the organization can open this governance domain and only the users with the role "Local Catalog Reader" can access to the governance domain and to the data products published in the specific Governance domain.

    I just grant to this specific domain at:

    1.data map collection level Quebec: Data Reader

    2. Unified Catalog level Governance domain Quebec: Local Catalog Reader

    the end-user with these 2 roles when access Purview>Unified Catalog> Discovery>Data Product> search for data products in the Governance domain Quebec, it gets: "403 Not Authorized to access account"

    In theory, the user with "Local Catalog Reader"  should be able to search for data products in the governance domain, however, it is not working like documented.


Resources