Forum Discussion
Purview Data Governance: Grant access to business consumers search Unified Catalog "Data products"
Hello Team,
I am in Microsoft purview as regular users (business Consumer) to search in Unified Catalog for organization data associated to customers.
The administrator told me they granted me the following roles:
Data Map collection: Data Reader
Governance Domain: Local Catalog Reader.
Governance domain Published
Data product published:
I am able to connect to Purview unified catalog > Discovery > Data Asset and see all the data asset in the data map collections.
however, When I try to access Purview Unified Catalog > Discovery > Data Product > search keyword "Customers" which is a published data products, I got error 403.
Please see the images for the context.
the Microsoft documentation is very confusing about how business consumer can access the data products.
How can I grant access to regular users to search corporate data in Purview Unified catalog for data products?
3 Replies
If you grant any user the local catalog reader on a Governance Domain, no other users than users with local catalog reader permissions on that specific Governance Domain will be able to see anything in that domain.
My advice: Delete all local catalog reader permissions on all Governance Domains, only grant Global Catalog Reader permissions (this permissions can be found in 'settings').
Now every user with global catalog reader permissions will be able to see every dataproduct. Want to make a Governance Domain and it's data products invisible to others again? Only then you should apply local catalog reader permissions again to that specific domain.
In my organization we have 0 Governance Domains that are secret. Anyone is allowed to know, at least on metadata level, what data others domain have.
If you grant any user the local catalog reader on a Governance Domain, no other users than users with local catalog reader permissions on that specific Governance Domain will be able to see anything in that domain.
My advice: Delete all local catalog reader permissions on all Governance Domains, only grant Global Catalog Reader permissions (this permissions can be found in 'settings').
Now every user with global catalog reader permissions will be able to see every dataproduct. Want to make a Governance Domain and it's data products invisible to others again? Only then you should apply local catalog reader permissions again to that specific domain.
In my organization we have 0 Governance Domains that are secret. Anyone is allowed to know, at least on metadata level, what data others domain have.
Hello Rik
Thanks you for your quick reply, Yes, I added the user with the "Global Catalog Reader" Unified role at: Purview>Settings>Unified Catalog>Roles and permissionsHowever, the issue I am facing is related the "Local Catalog Reader", in this case, I want allow access to highly restricted governance domain to specific users, not to everyone.
In theory, when I grant the "Local Catalog Reader" to specific users: no other members in the organization can open this governance domain and only the users with the role "Local Catalog Reader" can access to the governance domain and to the data products published in the specific Governance domain.I just grant to this specific domain at:
1.data map collection level Quebec: Data Reader
2. Unified Catalog level Governance domain Quebec: Local Catalog Reader
the end-user with these 2 roles when access Purview>Unified Catalog> Discovery>Data Product> search for data products in the Governance domain Quebec, it gets: "403 Not Authorized to access account"In theory, the user with "Local Catalog Reader" should be able to search for data products in the governance domain, however, it is not working like documented.
