question

WaqasKayani95 avatar image
0 Votes"
WaqasKayani95 asked PRADEEPCHEEKATLA-MSFT commented

[Azure Purview] Access Control policy update: Purview artifact permissions managed through Collections

With the recent policy update, as documented here. Permissions for Purview artifacts/assets should be managed through collections, not Access Control (IAM).

Here, for example. We have created this purview account named purview-synapse-account, and a service principal named purview-app-registration.
Now, if we want to update Purview Account assets using the Service Principal, we can go through Purview Studio UI first, give the needed roles for Service Principal as illustrated in the screenshot, and then make REST API calls. Which works as expected.

128778-deepinscreenshot-select-area-20210902215133.png

Previously, when a Service Principal was given subscription level permissions, for Purview account, it automatically inherited the IAM permissions, and allowed for the Service Principal to make API calls to add/update assets without any manual steps. With the recent changes, if we want to use REST APIs to make changes, we first have to do this manual step from the Purview Portal.

Is there any possible way, the Role Assignments for Purview Account's Root collection can be modified for an entity (e.g. Service Principal) without the Portal? Either through the APIs or CLI/Powershell.
It would be great to have any ideas/suggestions on this.

Thanks.


azure-purview
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @WaqasKayani95,

Thanks for the question and using MS Q&A platform.

We are reaching out to the internal team to get more details. I will be update you once I hear back from the team.

0 Votes 0 ·

0 Answers