Forum Discussion
How to assign admin-level permissions in Azure Purview without using Global Administrator
Hello,
We have a question regarding the management of roles and permissions in Azure Purview. According to the documentation (Azure Purview permissions), it seems that Global Administrator permissions are required to access all features, which raises some security concerns for us.
Is there no way to assign a more specific role — similar to how it works in Microsoft Fabric with the Fabric Administrator role — rather than having to assign the Global Administrator role?
If this is indeed not possible, we understand that the proper workflow would be for someone with Global Administrator privileges to go to Azure Purview > Roles and Scopes > Role Groups, and from there assign a more granular Purview-specific role to selected users, such as a Data Curator or Data Source Administrator. Is this correct? Is this the recommended approach?
Thank you in advance for your help.
Best regards,
2 Replies
Hi roddevops, you’re right — Global Administrator access is only required initially to configure Azure Purview and assign the first set of permissions. After that, you can delegate control by assigning built-in Purview roles such as Data Curator, Data Reader, or Data Source Administrator directly from Purview → Management → Access control (IAM). This allows users to manage data access and resources within their assigned scopes without needing ongoing Global Admin rights, following Microsoft’s least-privilege and role-based access best practices.
Hi roddevops,
Azure Purview is now part of Microsoft Purview and integrated into Microsoft Fabric. The new governance model adds more granular role-based permissions, so Global Administrator rights aren’t required for all operations anymore.
You can find the official guidance here: https://learn.microsoft.com/en-us/purview/purview-permissions
