Merge pull request #186582 from ePpnqeqR/master

converting include into separate tutorial

Author: jborsecnik

articles/purview/media/how-to-access-policies-storage/register-data-source-for-policy-storage.png

@@ -34,6 +34,8 @@ items:
       href: tutorial-data-owner-policies-storage.md
     - name: Data owner policies on resource groups or subscriptions
       href: tutorial-data-owner-policies-resource-group.md
+    - name: Authoring and publish data owner access policies
+      href: tutorial-data-owner-policy-authoring-generic.md
   - name: Onboard an on-premises SQL Server instance
     href: tutorial-register-scan-on-premises-sql-server.md
   - name: Use REST APIs for data planes

articles/purview/media/tutorial-access-policies-resource-group/register-resource-group-for-policy.png

@@ -1,18 +1,18 @@
 ---
-title: Access provisioning by data owner to resource groups or subscriptions
-description: Step-by-step guide showing how a data owner can create policies on resource groups or subscriptions.
+title: Resource group and subscription access provisioning by data owner
+description: Step-by-step guide showing how a data owner can create access policies to resource groups or subscriptions.
 author: ePpnqeqR
 ms.author: vlrodrig
 ms.service: purview
 ms.subservice: purview-data-policies
 ms.topic: tutorial
-ms.date: 1/25/2022
+ms.date: 1/27/2022
 ms.custom:
 ---
 
-# Access provisioning by data owner to resource groups or subscriptions (preview)
+# Resource group and subscription access provisioning by data owner (preview)
 
-This guide describes how a data owner can leverage Azure Purview to enable access to ALL data sources in a subscription or a resource group. This can be achieved through a single policy statement, and will cover all existing data sources, as well as data sources that are created afterwards. However, at this point, only the following data sources are supported:
+This tutorial describes how a data owner can leverage Azure Purview to enable access to ALL data sources in a subscription or a resource group. This can be achieved through a single policy statement, and will cover all existing data sources, as well as data sources that are created afterwards. However, at this point, only the following data sources are supported:
 - Blob storage
 - Azure Data Lake Storage (ADLS) Gen2
 
@@ -33,14 +33,16 @@ The subscription or resource group needs to be registered with Azure Purview to
 
 - [Register multiple sources - Azure Purview](register-scan-azure-multiple-sources.md)
 
-Enable the resource group or subscription for access policies in Azure Purview by setting the **Data use governance** toggle to enable, as shown in the picture.
+Enable the resource group or the subscription for access policies in Azure Purview by setting the **Data use governance** toggle to enable, as shown in the picture.
 
-![Image shows how to register a data source for policy.](./media/tutorial-access-policies-resource-group/register-resource-group-for-policy.png)
+![Image shows how to register a resource group or subscription for policy.](./media/tutorial-data-owner-policies-resource-group/register-resource-group-for-policy.png)
 
 [!INCLUDE [Access policies generic registration](./includes/access-policies-registration-generic.md)]
 
 ## Policy authoring
-[!INCLUDE [Access policies generic authoring](./includes/access-policies-authoring-generic.md)]
+Execute the steps in the [data-owner policy authoring tutorial](tutorial-data-owner-policy-authoring-generic.md) to create and publish a policy similar to the example shown in the image: a policy that provides security group *sg-Finance* *modify* access to resource group *finance-rg*:
+
+![Image shows a sample data owner policy giving access to a resource group.](./media/tutorial-data-owner-policies-resource-group/data-owner-policy-example-resource-group.png)
 
 ## Additional information
 
@@ -51,8 +53,8 @@ The limit for Azure Purview policies that can be enforced by Storage accounts is
 > - Publish is a background operation. It can take up to **2 hours** for the changes to be reflected in the data source.
 
 ## Next steps
-Check the blog and demo related to the capabilities mentioned in this how-to guide
+Check blog, demo and related tutorials
 
 * [What's New in Azure Purview at Microsoft Ignite 2021](https://techcommunity.microsoft.com/t5/azure-purview/what-s-new-in-azure-purview-at-microsoft-ignite-2021/ba-p/2915954)
-* [Demo of access policy for Azure Storage](https://www.youtube.com/watch?v=CFE8ltT19Ss)
+* [Demo of data owner access policies for Azure Storage](https://www.youtube.com/watch?v=CFE8ltT19Ss)
 * [Enable Azure Purview data owner policies on an Azure Storage account](./tutorial-data-owner-policies-storage.md)

articles/purview/media/tutorial-data-owner-policies-resource-group/data-owner-policy-example-resource-group.png

@@ -1,18 +1,18 @@
 ---
 title: Access provisioning by data owner to Azure Storage datasets
-description: Step-by-step guide on how to integrate Azure Storage with Azure Purview to enable data owners to create access policies.
+description: Step-by-step guide showing how data owners can create access policies to datasets in Azure Storage
 author: ePpnqeqR
 ms.author: vlrodrig
 ms.service: purview
 ms.subservice: purview-data-policies
-ms.topic: how-to
-ms.date: 1/25/2022
+ms.topic: tutorial
+ms.date: 1/27/2022
 ms.custom:
 ---
 
 # Access provisioning by data owner to Azure Storage datasets (preview)
 
-This guide describes how a data owner can leverage Azure Purview to enable access to datasets in Azure Storage. At this point, only the following data sources are supported:
+This tutorial describes how a data owner can leverage Azure Purview to enable access to datasets in Azure Storage. At this point, only the following data sources are supported:
 - Blob storage
 - Azure Data Lake Storage (ADLS) Gen2
 
@@ -37,13 +37,16 @@ Register and scan each data source with Azure Purview to later define access pol
 
 Enable the data source for access policies in Azure Purview by setting the **Data use governance** toggle to enable, as shown in the picture.
 
-![Image shows how to register a data source for policy.](./media/how-to-access-policies-storage/register-data-source-for-policy-storage.png)
+![Image shows how to register a data source for policy.](./media/tutorial-data-owner-policies-storage/register-data-source-for-policy-storage.png)
 
 [!INCLUDE [Access policies generic registration](./includes/access-policies-registration-generic.md)]
 
 
 ## Policy authoring
-[!INCLUDE [Access policies generic authoring](./includes/access-policies-authoring-generic.md)]
+Execute the steps in the [data-owner policy authoring tutorial](tutorial-data-owner-policy-authoring-generic.md) to create and publish a policy similar to the example shown in the image: a policy that provides group *Contoso Team* *read* access to Storage account *marketinglake1*:
+
+![Image shows a sample data owner policy giving access to an Azure Storage account.](./media/tutorial-data-owner-policies-storage/data-owner-policy-example-storage.png)
+
 
 ## Additional information
 >[!Important]
@@ -84,7 +87,7 @@ This section contains a reference of how actions in Azure Purview data policies
 
 
 ## Next steps
-Check the blog and demo related to the capabilities mentioned in this how-to guide
+Check blog, demo and related tutorials
 
 * [What's New in Azure Purview at Microsoft Ignite 2021](https://techcommunity.microsoft.com/t5/azure-purview/what-s-new-in-azure-purview-at-microsoft-ignite-2021/ba-p/2915954)
 * [Demo of access policy for Azure Storage](https://www.youtube.com/watch?v=CFE8ltT19Ss)

articles/purview/media/tutorial-data-owner-policies-resource-group/register-resource-group-for-policy.png

@@ -1,16 +1,20 @@
 ---
+title: Authoring and publish data owner access policies
+description: Step-by-step guide on how a data owner can author and publish access policies in Azure Purview
 author: ePpnqeqR
 ms.author: vlrodrig
 ms.service: purview
 ms.subservice: purview-data-policies
-ms.topic: include
-ms.date: 01/25/2022
+ms.topic: tutorial
+ms.date: 1/27/2022
 ms.custom:
 ---
 
-This section describes the steps for creating, updating, and publishing Azure Purview access policies.
+# Authoring and publish data owner access policies (preview)
 
-### Create a new policy
+This tutorial describes how a data owner can create, update and publish access policies in Azure Purview
+
+## Create a new policy
 
 This section describes the steps to create a new policy in Azure Purview.
 
@@ -20,13 +24,13 @@ This section describes the steps to create a new policy in Azure Purview.
 
 1. Select the **New Policy** button in the policy page.
 
-    ![Image shows how a data owner can access the Policy functionality in Azure Purview when it wants to create policies.](../media/access-policies-common/policy-onboard-guide-1.png)
+    ![Image shows how a data owner can access the Policy functionality in Azure Purview when it wants to create policies.](./media/access-policies-common/policy-onboard-guide-1.png)
 
 1. The new policy page will appear. Enter the policy **Name** and **Description**.
 
 1. To add policy statements to the new policy, select the **New policy statement** button. This will bring up the policy statement builder.
 
-    ![Image shows how a data owner can create a new policy statement.](../media/access-policies-common/create-new-policy.png)
+    ![Image shows how a data owner can create a new policy statement.](./media/access-policies-common/create-new-policy.png)
 
 1. Select the **Effect** button and choose *Allow* from the drop-down list.
 
@@ -36,37 +40,37 @@ This section describes the steps to create a new policy in Azure Purview.
 
 1. If you want to create a broad policy statement that covers an entire data source, resource group, or subscription, use the **Data sources** box and select its **Type**. Use the **Assets** box instead if you want to create a more granular policy on a previously scanned data source. In that case, enter the **Data Source Type** and the **Name** of a previously registered data source (as shown in the image).
 
-    ![Image shows how a data owner can select a Data Resource when editing a policy statement.](../media/access-policies-common/select-data-source-type.png)
+    ![Image shows how a data owner can select a Data Resource when editing a policy statement.](./media/access-policies-common/select-data-source-type.png)
 
 1. Select the **Continue** button and transverse the hierarchy to select the folder or file. Then select the **Add** button. This will take you back to the policy editor.
 
-    ![Image shows how a data owner can select the asset when creating or editing a policy statement.](../media/access-policies-common/select-asset.png)
+    ![Image shows how a data owner can select the asset when creating or editing a policy statement.](./media/access-policies-common/select-asset.png)
 
 1. Select the **Subjects** button and enter the subject identity as a principal, group, or MSI. Then select the **OK** button. This will take you back to the policy editor
 
-    ![Image shows how a data owner can select the subject when creating or editing a policy statement.](../media/access-policies-common/select-subject.png)
+    ![Image shows how a data owner can select the subject when creating or editing a policy statement.](./media/access-policies-common/select-subject.png)
 
 1. Repeat the steps #5 to #11 to enter any more policy statements.
 
 1. Select the **Save** button to save the policy
 
-### Update or delete a policy
+## Update or delete a policy
 
 Steps to create a new policy in Azure Purview are as follows.
 
 1. Sign in to Azure Purview Studio.
 
 1. Navigate to the Policy management app using the left side panel.
 
-    ![Image shows how a data owner can access the Policy functionality in Azure Purview when it wants to update a policy.](../media/access-policies-common/policy-onboard-guide-2.png)
+    ![Image shows how a data owner can access the Policy functionality in Azure Purview when it wants to update a policy.](./media/access-policies-common/policy-onboard-guide-2.png)
 
 1. The Policy portal will present the list of existing policies in Azure Purview. Select the policy that needs to be updated.
 
 1. The policy details page will appear, including Edit and Delete options. Select the **Edit** button, which brings up the policy statement builder. Now, any parts of the statements in this policy can be updated. To delete the policy, use the **Delete** button.
 
-    ![Image shows how a data owner can edit or delete a policy statement.](../media/access-policies-common/edit-policy.png)
+    ![Image shows how a data owner can edit or delete a policy statement.](./media/access-policies-common/edit-policy.png)
 
-### Publish the policy
+## Publish the policy
 
 A newly created policy is in the draft state. The process of publishing associates the new policy with one or more data sources under governance. This is called "binding" a policy to a data source.
 
@@ -76,15 +80,23 @@ The steps to publish a policy are as follows
 
 1. Navigate to the Policy management app using the left side panel.
 
-    ![Image shows how a data owner can access the Policy functionality in Azure Purview when it wants to publish a policy.](../media/access-policies-common/policy-onboard-guide-2.png)
+    ![Image shows how a data owner can access the Policy functionality in Azure Purview when it wants to publish a policy.](./media/access-policies-common/policy-onboard-guide-2.png)
 
 1. The Policy portal will present the list of existing policies in Azure Purview. Locate the policy that needs to be published. Select the **Publish** button on the right top corner of the page.
 
-    ![Image shows how a data owner can publish a policy.](../media/access-policies-common/publish-policy.png)
+    ![Image shows how a data owner can publish a policy.](./media/access-policies-common/publish-policy.png)
 
 1. A list of data sources is displayed. You can enter a name to filter the list. Then, select each data source where this policy is to be published and then select the **Publish** button.
 
-    ![Image shows how a data owner can select the data source where the policy will be published.](../media/access-policies-common/select-data-sources-publish-policy.png)
+    ![Image shows how a data owner can select the data source where the policy will be published.](./media/access-policies-common/select-data-sources-publish-policy.png)
 
 >[!Note]
 > - After making changes to a policy, there is no need to publish it again for it to take effect if the data source(s) continues to be the same.
+
+## Next steps
+Check blog, demo and related tutorials
+
+* [What's New in Azure Purview at Microsoft Ignite 2021](https://techcommunity.microsoft.com/t5/azure-purview/what-s-new-in-azure-purview-at-microsoft-ignite-2021/ba-p/2915954)
+* [Demo of data owner access policies for Azure Storage](https://www.youtube.com/watch?v=CFE8ltT19Ss)
+* [Enable Azure Purview data owner policies on all data sources in a subscription or a resource group](./tutorial-data-owner-policies-resource-group.md)
+* [Enable Azure Purview data owner policies on an Azure Storage account](./tutorial-data-owner-policies-storage.md)