Merge pull request #191495 from bjspeaks/main

self-service data access policies documentation

Author: LJSpiller

articles/purview/concept-self-service-data-access-policy.md

@@ -0,0 +1,55 @@
+---
+title: Azure Purview Self-service access concepts
+description: Understand what self-service access and data discovery are in Azure Purview, and explore how users can take advantage of it.
+author: bjspeaks
+ms.author: blessonj
+ms.service: purview
+ms.subservice: purview-data-policies
+ms.topic: conceptual
+ms.date: 03/10/2022
+---
+
+# Azure Purview Self-service data discovery and access (Preview)
+
+This article helps you understand Azure Purview Self-service data access policy.
+
+> [!IMPORTANT]
+> Azure Purview Self-service data access policy is currently in PREVIEW. The [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+
+## Important limitations
+
+The self-service data access policy is only supported when the prerequisites mentioned in [data use governance](./how-to-enable-data-use-governance.md) are satisfied.
+
+## Overview
+
+Azure Purview Self-service data access workflow allows data consumer to request access to data when browsing or searching for data. Once the data access request is approved, a policy gets auto-generated to grant access to the requestor provided the data source is enabled for data use governance. Currently, self-service data access policy is supported for storage accounts, containers, folders, and files.
+
+A **workflow admin** will need to map a self-service data access workflow to a collection. Collection is logical grouping of data sources that are registered within Azure Purview. **Only data source(s) that are registered** for data use governance will have self-service policies auto-generated.
+
+## Terminology
+
+* **Data consumer** is anyone who uses the data. Example, a data analyst accessing marketing data for customer segmentation. Data consumer and data requestor will be used interchangeably within this document.
+
+* **Collection** is logical grouping of data sources that are registered within Azure Purview.
+
+* **Self-service data access workflow** is the workflow that is initiated when a data consumer requests access to data.
+
+* **Approver** is either security group or AAD users that can approve self-service access requests.
+
+## How to use Azure Purview self-service data access policy
+
+Azure Purview allows organizations to catalog metadata about all registered data assets. It allows data consumers to search for or browse to the required data asset.  
+
+With self-service data access workflow, data consumers can not only find data assets but also request access to the data assets. When the data consumer requests access to a data asset, the associated self-service data access workflow is triggered.
+
+A default self-service data access workflow template is provided with every Azure Purview account.The default template can be amended to add more approvers and/or set the approver's email address. For more details refer [Create and enable self-service data access workflow](./how-to-workflow-self-service-data-access-hybrid.md).
+
+Whenever a data consumer requests access to a dataset, the notification is sent to the workflow approver(s). The approver(s) can view the request and approve it either from Azure purview portal or from within the email notification. When the request is approved, a policy is auto-generated and applied against the respective, data source. self-service data access Policy gets auto-generated only if the data source is registered for **data use governance**. The pre-requisites mentioned within the [data use governance](./how-to-enable-data-use-governance.md) have to be satisfied.  
+
+## Next steps
+
+If you would like to preview these features in your environment, follow the link below.
+-  [Enable data use governance](./how-to-enable-data-use-governance.md)
+-  [create self-service data access workflow](./how-to-workflow-self-service-data-access-hybrid.md)
+-  [working with policies at file level](https://techcommunity.microsoft.com/t5/azure-purview-blog/data-policy-features-accessing-data-when-file-level-permission/ba-p/3102166)
+-  [working with policies at folder level](https://techcommunity.microsoft.com/t5/azure-purview-blog/data-policy-features-accessing-data-when-folder-level-permission/ba-p/3109583)

articles/purview/how-to-delete-self-service-data-access-policy.md

@@ -0,0 +1,68 @@
+---
+title: Delete self-service policies 
+description: This article describes how to delete auto-generated self-service policies 
+author: bjspeaks
+ms.author: blessonj
+ms.service: purview
+ms.subservice: purview-data-policies
+ms.topic: how-to
+ms.date: 09/27/2021
+---
+# How to delete self-service data access policies
+
+In an Azure Purview catalog, you can now request access to datasets and self-service policies get auto-generated if the  data source is enabled for **data use governance**.
+
+This guide describes how to delete self-service data access policies that have been auto-generated when data access request is approved.
+
+## Prerequisites
+
+> [!IMPORTANT]
+> To delete self-service policies, make sure that the below prerequisites are completed.
+
+Self-service policies must exist for them to be deleted. Refer to the articles below to create
+self-service policies
+
+- [Enable Data Use Governance](./how-to-enable-data-use-governance.md)
+- [Create a self-service data access workflow](./how-to-workflow-self-service-data-access-hybrid.md)
+- [Approve self-service data access request](how-to-workflow-manage-requests-approvals.md)
+
+## Permission
+
+Only users with **Policy Admin** privilege can delete self-service data access policies.
+
+## Steps to delete self-service data access policies
+
+### Step 1: Open the Azure portal and launch the Azure purview studio 
+
+The Azure Purview studio can be launched as shown below or by using using the url directly.
+
+:::image type="content" source="./media/how-to-delete-self-service-data-access-policy/Purview-Studio-launch-pic-1.png" alt-text="Launch the Azure Purview Studio":::
+
+### Step 2: Open the policy management tab
+
+Click the policy management tab to launch the self-service access policies.
+
+:::image type="content" source="./media/how-to-delete-self-service-data-access-policy/Purview-Studio-self-service-tab-pic-2.png" alt-text="Click policy management tab":::
+
+### Step 3: Open the self-service access policies tab
+
+:::image type="content" source="./media/how-to-delete-self-service-data-access-policy/Purview-Studio-self-service-tab-pic-3.png" alt-text="Click open the self-service access policies tab":::
+
+
+### Step 4: Select the policies to be deleted
+
+The policies can be sorted by the different fields. once sorted, select the policies that need to be deleted.
+
+:::image type="content" source="./media/how-to-delete-self-service-data-access-policy/Purview-Studio-selecting-policy-pic-4.png" alt-text="select the policy to be deleted":::
+
+### Step 5: Delete the policy
+
+Click the delete button to delete policies that need to be removed. 
+
+:::image type="content" source="./media/how-to-delete-self-service-data-access-policy/Purview-Studio-press-delete-pic-5.png" alt-text="Delete policy":::
+
+click **OK** on the confirmation dialog box to delete the policy. Refresh the screen to check whether the policies have been deleted.
+
+## Next steps
+
+- [Self-service data access policy](./concept-self-service-data-access-policy.md)

articles/purview/how-to-view-self-service-data-access-policy.md

@@ -0,0 +1,60 @@
+---
+title: View self-service policies 
+description: This article describes how to view auto-generated self-service policies 
+author: bjspeaks
+ms.author: blessonj
+ms.service: purview
+ms.subservice: purview-data-policies
+ms.topic: how-to
+ms.date: 09/27/2021
+---
+# How to view self-service data access policies
+
+In an Azure Purview catalog, you can now request access to datasets and self-service policies get auto-generated if the  data source is enabled for **data use governance**.
+
+This guide describes how to view self-service data access policies that have been auto-generated when data access request is approved.
+
+## Prerequisites
+
+> [!IMPORTANT]
+> To view self-service policies, make sure that the below prerequisites are completed.
+
+Self-service policies must exist for them to be viewed. Refer to the articles below to create
+self-service policies
+
+- [Enable Data Use Governance](./how-to-enable-data-use-governance.md)
+- [Create a self-service data access workflow](./how-to-workflow-self-service-data-access-hybrid.md)
+- [Approve self-service data access request](how-to-workflow-manage-requests-approvals.md)
+
+## Permission
+
+Only users with **Policy Admin** privilege can delete self-service data access policies.
+
+## Steps to view self-service data access policies
+
+### Step 1: Open the Azure portal and launch the Azure purview studio 
+
+The Azure Purview studio can be launched as shown below or by using using the url directly.
+
+:::image type="content" source="./media/how-to-view-self-service-data-access-policy/Purview-Studio-launch-pic-1.png" alt-text="Launch the Azure Purview studio.":::
+
+### Step 2: Open the policy management tab
+
+Click the policy management tab to launch the self-service access policies.
+
+:::image type="content" source="./media/how-to-view-self-service-data-access-policy/Purview-Studio-self-service-tab-pic-2.png" alt-text="Click open the policy management tab":::
+
+### Step 3: Open the self-service access policies tab
+
+:::image type="content" source="./media/how-to-view-self-service-data-access-policy/Purview-Studio-self-service-tab-pic-3.png" alt-text="Click open the self-service access policies tab":::
+
+
+### Step 4: View the self-service policies
+
+The policies can be sorted by the different fields.The policy can be filtered based on data source type and sorted by any of the columns on display
+
+:::image type="content" source="./media/how-to-view-self-service-data-access-policy/Purview-Studio-self-service-tab-pic-4.png" alt-text="sorting and filtering display data":::
+
+## Next steps
+
+- [Self-service data access policy](./concept-self-service-data-access-policy.md)

articles/purview/index.yml

@@ -161,9 +161,13 @@ landingContent:
   #Card
   - title: Secure your data
     linkLists:
+    - linkListType: concept
+      links:
+        - text: Self-service data access policy
+          url: concept-self-service-data-access-policy.md
     - linkListType: tutorial
       links:
         - text: Data owner policies for Azure Storage
           url: tutorial-data-owner-policies-storage.md
         - text: Data owner policies on resource groups or subscriptions
-          url: tutorial-data-owner-policies-resource-group.md  
+          url: tutorial-data-owner-policies-resource-group.md