We are excited to announce the public preview of Azure Purview’s self-service data access policies. This capability auto-generates policies that control access to the underlying datasets. With the advent of newer technologies such as IoT devices, and with the proliferation of web and mobile applications, data professionals must not only process and secure structured, semi-structured and unstructured data, but also find the pertinent data within that huge volume in order to solve business problems. Many organizations store data as files in data lakes, unstructured data in non-relational databases and tabular data in relational databases.
Many of our customers have petabyte-scale data lakes, and at that scale data governance quickly becomes extremely difficult. The purpose of a data lake is to accelerate data projects by having the entire organization’s information in one place. In practice, however, identifying and retrieving the relevant data from the data lake can take several weeks.
The user journey for data discovery, requesting access and data mapping can be summarized as follows:
Data Consumer's User Journey
Azure Purview is a unified data governance solution that helps you manage and govern your on-premises, multi-cloud, and software-as-a-service (SaaS) data. A holistic and up-to-date view of the data landscape is obtained through automated data discovery, sensitive data classification, and end-to-end data lineage. This enables data consumers to find valuable and trustworthy data, thereby reducing the time taken to complete activities such as metadata discovery. Get started with Azure Purview here.
Now, let us look at data access, which is step 2 of the user journey. There is often a lack of clarity around:
Which dataset is the user requesting access to?
Who must approve the data access request?
How many approvers are there, and how long will it take to gain access?
Who must provision the data access?
Data consumers can already search for and discover datasets using Azure Purview. With the self-service data access workflow, data consumers can also request access to those datasets. A self-service data access request triggers an approval workflow. When the approver(s) approve the request, a self-service data access policy is created, provided that the data source’s access management is governed by Azure Purview. These self-service data access policies can be viewed under the data policy tab within Azure Purview.
The user journey of a data consumer is significantly improved with the self-service data access workflow and policy.
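The request, approval and policy-generation flow described above can be illustrated with a small sketch. This is a toy model only and not the Azure Purview API: the class names, the function names, the rule that every listed approver must approve, and the default "read" permission are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class AccessRequest:
    """Hypothetical model of a self-service data access request."""
    requestor: str
    dataset: str
    data_source: str
    approvers: List[str]
    approved_by: Set[str] = field(default_factory=set)


@dataclass
class SelfServicePolicy:
    """Hypothetical model of the auto-generated policy."""
    principal: str
    dataset: str
    permission: str = "read"  # assumption: the policy grants read access


def approve(request: AccessRequest, approver: str) -> None:
    """Record an approval; only listed approvers may approve."""
    if approver not in request.approvers:
        raise ValueError(f"{approver} is not an approver for this request")
    request.approved_by.add(approver)


def is_fully_approved(request: AccessRequest) -> bool:
    # Assumption: every listed approver must approve the request.
    return set(request.approvers) <= request.approved_by


def maybe_create_policy(
    request: AccessRequest, governed_sources: Set[str]
) -> Optional[SelfServicePolicy]:
    """Create a policy only when the request is approved AND the data
    source's access management is governed (modeled here as set membership)."""
    if not is_fully_approved(request):
        return None
    if request.data_source not in governed_sources:
        return None
    return SelfServicePolicy(principal=request.requestor, dataset=request.dataset)


if __name__ == "__main__":
    request = AccessRequest("alice", "sales.csv", "lake1", ["bob", "carol"])
    approve(request, "bob")
    print(maybe_create_policy(request, {"lake1"}))  # still waiting on carol
    approve(request, "carol")
    print(maybe_create_policy(request, {"lake1"}))  # policy is generated
```

In this sketch, no policy is produced while approvals are outstanding or when the data source is not in the governed set, which mirrors the two conditions stated in the workflow description.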
Self-service data access policies can be used in scenarios requiring credential pass-through authentication. Some examples are exploring data using the Azure Synapse workspace, building Power BI dashboards, or creating Power BI reports.
The key benefits of using the self-service data access workflow and self-service data access policies are:
Requesting access to different datasets becomes easy
The data access request and approval process is transparent, and its progress can be tracked
The approvers can approve access requests seamlessly as they can view the metadata of the data assets
A policy is auto-generated, and the data requestor can start working with the requested dataset
During public preview, Azure Purview self-service data access policies are supported in a subset of Azure regions.
The list of supported regions, data sources and prerequisite steps can be found here.
Access docs for Azure Purview Self-Service Data Access Workflow here.
Access docs for Azure Purview Self-Service Data Access policies here.