Microsoft Purview access policies enable customers to manage access to different data systems across their entire data estate, all from a central location in the cloud. These policies are access grants that can be created through Microsoft Purview Studio, avoiding the need for code. They dictate whether a set of AAD principals (users, groups, etc.) should be allowed or denied a specific type of access (e.g., Read, Modify) to a data source or a data asset within it. These policies get communicated to and get natively enforced by the data source.
DevOps policies are a special type of Microsoft Purview access policies. They leverage Microsoft Purview’s understanding of the customer’s data estate to simplify access provisioning for IT operations and security auditing functions. Access to system metadata is crucial for DBAs and other DevOps users to perform their job. That access can be granted and revoked efficiently and at-scale from Microsoft Purview. Microsoft Purview DevOps policies support a couple of permissions for SQL-type data sources: Microsoft Purview DevOps policies can be configured on individual data sources, resource groups and subscriptions. Beyond the UI, they also support an API which can be called from other DevOps tools.