Using this official Purview document, we created a workflow for self-service data access policy. When a consumer submits a request for Read access to a data asset, it successfully sends the request to the data owner of the asset. The data owner approves the request, and after approval, a policy is successfully auto-generated. But the consumer still does not have Read access to the data asset via Azure Portal or Azure Storage Explorer. According to the following official documentation and a video from the Purview teams, the consumer should have Read access to the data asset.
Question: What might we be missing, and how can the issue be resolved?
Remarks: We have verified all the prerequisites described in the above link, as follows:
Ran the short PowerShell script:
# Install the Az module
Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force
# Log in to the subscription
Connect-AzAccount -Subscription <SubscriptionID>
# Register the feature
Register-AzProviderFeature -FeatureName AllowPurviewPolicyEnforcement -ProviderNamespace Microsoft.Storage
Data Asset: ADLSGen2 Storage Account [This was created after the above script was run]
Purview Collection: Collection1 (subcollection of root collection)
Data Owner roles on the storage account: IAM Owner, Storage Blob Data Contributor
Data Owner roles on Collection1: Data Curator, Data Reader
Consumer role on Collection1: Reader
A screenshot of the policy auto-generated after approval from the data owner: