In the Data Policy features: Accessing data when file level permission is granted - Microsoft Tech Communit... blog, we looked at how users can work with files when file level access is granted. This blog explains how to access data when permission is granted at the folder level using Azure Purview’s Data Policy features.
After a data source is registered for Data use governance, policy author role within Azure Purview will be able to create policies in the policy management interface. Here the user, Alice, is granted read access to the Customer folder in ADLS Gen 2 storage.
Alice will not be able to browse to the asset using Azure Portal or Storage explorer if the only permission granted is read/modify access at the folder level of a storage account.
This allows organizations to not only secure data perimeters but also grant users minimum access required to work with datasets.
When file or folder level access is granted, the user can open the file in the Azure Synapse Analytics workspace. The approach is similar to the one mentioned in the Data Policy features: Accessing data when file level permission is granted - Microsoft Tech Communit... blog.
However, folder level access allows users to leverage PowerBI Desktop to explore the data.
The user must login to the Azure Purview account and search for the customer folder.
Click open the correct folder and copy the Fully qualified name
Open PowerBI desktop and select the Get data icon. Make the selections shown below and click connect.
Paste the fully qualified path of the folder, which was copied from Azure Purview, and click ok.
Select the correct folder from the drop down menu and then click sign in. Enter your PBI credentials.
Finally, click connect
Alice can now either transform or load the data within the folder.
Get Started