You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/purview/catalog-permissions.md
+10-2Lines changed: 10 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,6 +25,7 @@ A collection is a tool that the Microsoft Purview Data Map uses to group assets,
25
25
The Microsoft Purview governance portal uses a set of predefined roles to control who can access what within the account. These roles are currently:
26
26
27
27
-**Collection administrator** - a role for users that will need to assign roles to other users in the Microsoft Purview governance portal or manage collections. Collection admins can add users to roles on collections where they're admins. They can also edit collections, their details, and add subcollections.
28
+
A collection administrator on the [root collection](reference-azure-purview-glossary.md#root-collection) also automatically has permission to the Microsoft Purview governance portal. If your **root collection administrator** ever needs to be changed, you can [follow the steps in the section below](#administrator-change).
28
29
-**Data curators** - a role that provides access to the data catalog to manage assets, configure custom classifications, set up glossary terms, and view data estate insights. Data curators can create, read, modify, move, and delete assets. They can also apply annotations to assets.
29
30
-**Data readers** - a role that provides read-only access to data assets, classifications, classification rules, collections and glossary terms.
30
31
-**Data share contributor** - A role that can share data within an organization and with other organizations using data sharing capabilities in Microsoft Purview. Data share contributors can view, create, update, and delete sent and received shares.
@@ -116,9 +117,16 @@ For full instructions, see our [how-to guide for adding role assignments](how-to
116
117
117
118
## Administrator change
118
119
119
-
There may be a time when your [root collection admin](#roles) needs to change. By default, the user who creates the account is automatically assigned collection admin to the root collection. To update the root collection admin, there are three options:
120
+
There may be a time when your [root collection admin](#roles) needs to change. By default, the user who creates the account is automatically assigned collection admin to the root collection. To update the root collection admin, there are four options:
120
121
121
-
- You can [assign permissions through the portal](how-to-create-and-manage-collections.md#add-role-assignments) as you have for any other role.
122
+
- You can manage root collection administrators in the [Azure portal](https://portal.azure.com/):
123
+
1. Sign in to the Azure portal and search for your Microsoft Purview account.
124
+
1. Select **Root collection permission** from the left-side menu on your Microsoft Purview account page.
125
+
1. Select **Add root collection admin** to add an administrator.
126
+
:::image type="content" source="./media/catalog-permissions/root-collection-admin.png" alt-text="Screenshot of a Microsoft Purview account page in the Azure portal with the Root collection permission page selected and the Add root collection admin option highlighted." border="true":::
127
+
1. You can also select **View all root collection admins** to be taken to the root collection in the Microsoft Purview governance portal.
128
+
129
+
- You can [assign permissions through the Microsoft Purview governance portal](how-to-create-and-manage-collections.md#add-role-assignments) as you have for any other role.
122
130
123
131
- You can use the REST API to add a collection administrator. Instructions to use the REST API to add a collection admin can be found in our [REST API for collections documentation.](tutorial-metadata-policy-collections-apis.md#add-the-root-collection-administrator-role) For additional information, you can see our [REST API reference](/rest/api/purview/accounts/add-root-collection-admin).
Copy file name to clipboardExpand all lines: articles/purview/tutorial-metadata-policy-collections-apis.md
+2-1Lines changed: 2 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -922,7 +922,8 @@ Whether you're adding or removing a user, group, or service principal, you'll fo
922
922
}
923
923
```
924
924
## Add the Root Collection Administrator role
925
-
By default, the user who created the Microsoft Purview account is the Root Collection Administrator (that is, the administrator of the topmost level of the collection hierarchy). However, in some cases, an organization needs to change the Root Collection Administrator by using the API. For instance, it's possible that the current Root Collection Administrator no longer exists in the organization. In such a case, the Azure portal might be inaccessible to anyone in the organization. For this reason, using the API to assign a new Root Collection Administrator and manage collection permissions becomes the only way to regain access to the Microsoft Purview account.
925
+
926
+
By default, the user who created the Microsoft Purview account is the Root Collection Administrator (that is, the administrator of the topmost level of the collection hierarchy). However, in some cases, an organization may want to change the Root Collection Administrator using the API.
0 commit comments