AzurePurview: Role Assignments for Purview Account's Root collection using PowerShell

This article helps to provide role assignment for Azure Purview account using PowerShell 7.

Prerequisites

• Create an Azure Purview account in the Azure portal.
• You need Powershell v7.x.x to use this tool. Please Download and upgrade your Powershell to v7.
• New Version: Import Purview-API-PowerShell 1.10
• OLDER Version: Download and extract Purview-API-Powershell.zip to a folder of your choice.

Steps to launch Azure Purview API via PowerShell

1. Open PowerShell 7 and Run As Administrator
2. Navigate to the folder where you have previously downloaded and extracted the Purview-API-PowerShell.
3. Run "Purview-API-PowerShell.exe" and enter the name of the Azure Purview account.

How to use Azure Purview API via PowerShell

You can choose the below options to use the Azure Purview API.

1. [G] GUI - Interactive Assistance On Help, Usage & Syntax of Purview APIs You can use this option to run the query with the helps of GUI.
2. [T] Text Mode - Enter API Command(s) Manually You can use this option to run the query manually by selecting the options available.
3. [Q] Quit

How to provide the Role Assignments for Purview Account's Root collection using PowerShell

1. Get the details about the Service Principal/user which you want to add to the role assignment for Purview accounts root collections.

• For Users go to Azure Active Directory => users => search user => Click on profile => Copy the ObjectID
• For Service Principal go to Azure Active Directory => Enterprise applications => Search application => Copy the ObjectID

2. Get the details about the metadatapolicy by choosing the GET method => readAllMetadataPolicies command
3. Copy the Policy ID from the API Response Recieved.
4. Get the details about the metadatapolicy by policyID by choosing the GET Method => readMetadataPolicyByPolicyID command
5. Paste the Policy ID and copy entire JSON.
6. Now paste enter API response in the file name "purview-api-body-payload.json" available in the extracted directory.

!Note: The file "purview-api-body-payload.json" extracted in the same directory contains the API Body to be sent in case of PUT or POST APIs. Make sure to blank the file first, update your JSON into it and save the file before executing any "PUT" or "POST" APIs. If you need to back up your previous JSONs, you may do so in a different file name, since this file name "purview-api-body-payload.json" is reserved for the next upcoming API call.

8. Add the user/service principal objectID to the "purview-api-body-payload.json" and save.
9. Go back to the PowerShell and select G and choose the PUT method => putMetadataPolicy command
10. Now successfully, we had provided the Role Assignments for Purview Account's Root collection using PowerShell.
11. You can verfiy the same in Azure Purview Portal. Go to Data Map => Collections => Select your collection => Role assignments =>Verify the username associated with the objectID.