Converting tutorials to how-to

Author: whhender

articles/purview/.openpublishing.redirection.purview.json

@@ -144,6 +144,11 @@
         "source_path_from_root": "/articles/purview/scan-insights.md",
         "redirect_url": "/azure/purview/how-to-monitor-scan-runs",
         "redirect_document_id": true
+      },
+      {
+        "source_path_from_root": "/articles/purview/tutorial-data-owner-policies-resource-group.md",
+        "redirect_url": "/azure/purview/how-to-data-owner-policies-resource-group",
+        "redirect_document_id": true
       }
 ]
 }

articles/purview/concept-data-owner-policies.md

@@ -99,5 +99,5 @@ A policy published to a data source could contain references to an asset belongi
 ## Next steps
 Check the tutorials on how to create policies in Azure Purview that work on specific data systems such as Azure Storage:
 
-* [Access provisioning by data owner to Azure Storage datasets](tutorial-data-owner-policies-storage.md)
-* [Enable Azure Purview data owner policies on all data sources in a subscription or a resource group](./tutorial-data-owner-policies-resource-group.md)
+* [Access provisioning by data owner to Azure Storage datasets](how-to-data-owner-policies-storage.md)
+* [Enable Azure Purview data owner policies on all data sources in a subscription or a resource group](./how-to-data-owner-policies-resource-group.md)

articles/purview/concept-self-service-data-access-policy.md

@@ -18,7 +18,7 @@ This article helps you understand Azure Purview Self-service data access policy.
 
 ## Important limitations
 
-The self-service data access policy is only supported when the prerequisites mentioned in [data use governance](./tutorial-data-owner-policies-storage.md) are satisfied.
+The self-service data access policy is only supported when the prerequisites mentioned in [data use governance](./how-to-enable-data-use-governance.md#prerequisites) are satisfied.
 
 ## Overview
 
@@ -44,12 +44,12 @@ With self-service data access workflow, data consumers can not only find data as
 
 A default self-service data access workflow template is provided with every Azure Purview account.The default template can be amended to add more approvers and/or set the approver's email address. For more details refer [Create and enable self-service data access workflow](./how-to-workflow-self-service-data-access-hybrid.md).
 
-Whenever a data consumer requests access to a dataset, the notification is sent to the workflow approver(s). The approver(s) can view the request and approve it either from Azure purview portal or from within the email notification. When the request is approved, a policy is auto-generated and applied against the respective data source. Self-service data access policy gets auto-generated only if the data source is registered for **data use governance**. The pre-requisites mentioned within the [data use governance](./tutorial-data-owner-policies-storage.md) have to be satisfied.  
+Whenever a data consumer requests access to a dataset, the notification is sent to the workflow approver(s). The approver(s) can view the request and approve it either from Azure purview portal or from within the email notification. When the request is approved, a policy is auto-generated and applied against the respective data source. Self-service data access policy gets auto-generated only if the data source is registered for **data use governance**. The pre-requisites mentioned within the [data use governance](./how-to-enable-data-use-governance.md#prerequisites) have to be satisfied.  
 
 ## Next steps
 
 If you would like to preview these features in your environment, follow the link below.
--  [Enable data use governance](./tutorial-data-owner-policies-storage.md)
+-  [Enable data use governance](./how-to-enable-data-use-governance.md#prerequisites)
 -  [create self-service data access workflow](./how-to-workflow-self-service-data-access-hybrid.md)
 -  [working with policies at file level](https://techcommunity.microsoft.com/t5/azure-purview-blog/data-policy-features-accessing-data-when-file-level-permission/ba-p/3102166)
 -  [working with policies at folder level](https://techcommunity.microsoft.com/t5/azure-purview-blog/data-policy-features-accessing-data-when-folder-level-permission/ba-p/3109583)

articles/purview/tutorial-data-owner-policies-resource-group.md renamed to articles/purview/how-to-data-owner-policies-resource-group.md

@@ -5,25 +5,18 @@ author: inward-eye
 ms.author: vlrodrig
 ms.service: purview
 ms.subservice: purview-data-policies
-ms.topic: tutorial
+ms.topic: how-to
 ms.date: 3/14/2022
 ms.custom:
 ---
 
-# Tutorial: Resource group and subscription access provisioning by data owner (preview)
+# Resource group and subscription access provisioning by data owner (preview)
 [!INCLUDE [feature-in-preview](includes/feature-in-preview.md)]
 
-This tutorial describes how a data owner can leverage Azure Purview to enable access to ALL data sources in a subscription or a resource group. This can be achieved through a single policy statement, and will cover all existing data sources, as well as data sources that are created afterwards. However, at this point, only the following data sources are supported:
+This article describes how a data owner can leverage Azure Purview to enable access to ALL data sources in a subscription or a resource group. This can be achieved through a single policy statement, and will cover all existing data sources, as well as data sources that are created afterwards. However, at this point, only the following data sources are supported:
 - Blob storage
 - Azure Data Lake Storage (ADLS) Gen2
 
-In this tutorial, you learn how to:
-> [!div class="checklist"]
-> * Prerequisites
-> * Configure permissions
-> * Register a data asset for Data use governance
-> * Create and publish a policy
-
 ## Prerequisites
 [!INCLUDE [Access policies generic pre-requisites](./includes/access-policies-prerequisites-generic.md)]
 
@@ -39,7 +32,7 @@ The subscription or resource group needs to be registered with Azure Purview to
 
 Follow this link to [Enable the resource group or subscription for access policies](./how-to-enable-data-use-governance.md) in Azure Purview by setting the **Data use governance** toggle to **Enabled**, as shown in the picture.
 
-![Image shows how to register a resource group or subscription for policy.](./media/tutorial-data-owner-policies-resource-group/register-resource-group-for-policy.png)
+![Image shows how to register a resource group or subscription for policy.](./media/how-to-data-owner-policies-resource-group/register-resource-group-for-policy.png)
 
 ## Create and publish a data owner policy
 Execute the steps in the [data-owner policy authoring tutorial](how-to-data-owner-policy-authoring-generic.md) to create and publish a policy similar to the example shown in the image: a policy that provides security group *sg-Finance* *modify* access to resource group *finance-rg*:
@@ -56,9 +49,9 @@ Execute the steps in the [data-owner policy authoring tutorial](how-to-data-owne
 The limit for Azure Purview policies that can be enforced by Storage accounts is 100MB per subscription, which roughly equates to 5000 policies.
 
 ## Next steps
-Check blog, demo and related tutorials
+Check blog, demo and related tutorials:
 
 * [Concepts for Azure Purview data owner policies](./concept-data-owner-policies.md)
-* [Data owner policies on an Azure Storage account](./tutorial-data-owner-policies-storage.md)
+* [Data owner policies on an Azure Storage account](./how-to-data-owner-policies-storage.md)
 * [Blog: resource group-level governance can significantly reduce effort](https://techcommunity.microsoft.com/t5/azure-purview-blog/data-policy-features-resource-group-level-governance-can/ba-p/3096314)
 * [Demo of data owner access policies for Azure Storage](/video/media/8ce7c554-0d48-430f-8f63-edf94946947c/purview-policy-storage-dataowner-scenario_mid.mp4)

articles/purview/how-to-data-owner-policies-storage.md

@@ -0,0 +1,95 @@
+---
+title: Access provisioning by data owner to Azure Storage datasets
+description: Step-by-step guide showing how data owners can create access policies to datasets in Azure Storage
+author: inward-eye
+ms.author: vlrodrig
+ms.service: purview
+ms.subservice: purview-data-policies
+ms.topic: how-to
+ms.date: 03/14/2022
+ms.custom:
+---
+
+# Access provisioning by data owner to Azure Storage datasets (preview)
+
+[!INCLUDE [feature-in-preview](includes/feature-in-preview.md)]
+
+This article describes how a data owner can use Azure Purview to enable access to datasets in Azure Storage. At this point, only the following data sources are supported:
+- Blob storage
+- Azure Data Lake Storage (ADLS) Gen2
+
+## Prerequisites
+[!INCLUDE [Access policies generic pre-requisites](./includes/access-policies-prerequisites-generic.md)]
+
+[!INCLUDE [Azure Storage specific pre-requisites](./includes/access-policies-prerequisites-storage.md)]
+
+## Configuration
+[!INCLUDE [Access policies generic configuration](./includes/access-policies-configuration-generic.md)]
+
+### Register the data sources in Azure Purview for Data use governance
+Register and scan each Storage account with Azure Purview to later define access policies. You can follow these guides:
+
+-   [Register and scan Azure Storage Blob - Azure Purview](register-scan-azure-blob-storage-source.md)
+
+-   [Register and scan Azure Data Lake Storage (ADLS) Gen2 - Azure Purview](register-scan-adls-gen2.md)
+
+Follow this link to [Enable the data source for access policies](./how-to-enable-data-use-governance.md) in Azure Purview by setting the **Data use governance** toggle to **Enabled**, as shown in the picture.
+
+![Image shows how to register a data source for policy.](./media/how-to-data-owner-policies-storage/register-data-source-for-policy-storage.png)
+
+## Create and publish a data owner policy
+Execute the steps in the [data-owner policy authoring tutorial](how-to-data-owner-policy-authoring-generic.md) to create and publish a policy similar to the example shown in the image: a policy that provides group *Contoso Team* *read* access to Storage account *marketinglake1*:
+
+![Image shows a sample data owner policy giving access to an Azure Storage account.](./media/how-to-data-owner-policies-storage/data-owner-policy-example-storage.png)
+
+
+>[!Important]
+> - Publish is a background operation. It can take up to **2 hours** for the changes to be reflected in Storage account(s).
+
+
+## Additional information
+- Policy statements set below container level on a Storage account are supported. If no access has been provided at Storage account level or container level, then the App that requests the data must execute a direct access by providing a fully qualified name to the data object. If the App attempts to crawl down the hierarchy starting from the Storage account or Container, and there is no access at that level, the request will fail. The following documents show examples of how to do perform a direct access. See also blogs in the *Next steps* section of this tutorial.
+  - [*abfs* for ADLS Gen2](../hdinsight/hdinsight-hadoop-use-data-lake-storage-gen2.md#access-files-from-the-cluster)
+  - [*az storage blob download* for Blob Storage](../storage/blobs/storage-quickstart-blobs-cli.md#download-a-blob)
+- Creating a policy at Storage account level will enable the Subjects to access system containers e.g., *$logs*.  If this is undesired, first scan the data source(s) and then create finer-grained policies for each (i.e., at container or sub-container level).
+
+
+### Limits
+- The limit for Azure Purview policies that can be enforced by Storage accounts is 100MB per subscription, which roughly equates to 5000 policies.
+
+### Known issues
+
+> [!Warning]
+> **Known issues** related to Policy creation
+> - Do not create policy statements based on Azure Purview resource sets. Even if displayed in Azure Purview policy authoring UI, they are not yet enforced. Learn more about [resource sets](concept-resource-sets.md).
+
+### Policy action mapping
+
+This section contains a reference of how actions in Azure Purview data policies map to specific actions in Azure Storage.
+
+| **Azure Purview policy action** | **Data source specific actions**                                                        |
+|---------------------------|-----------------------------------------------------------------------------------------|
+|||
+| *Read*                    |<sub>Microsoft.Storage/storageAccounts/blobServices/containers/read                      |
+|                           |<sub>Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read                |
+|||
+| *Modify*                  |<sub>Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read                |
+|                           |<sub>Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write               |
+|                           |<sub>Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action          |
+|                           |<sub>Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action         |
+|                           |<sub>Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete              |
+|                           |<sub>Microsoft.Storage/storageAccounts/blobServices/containers/read                      |
+|                           |<sub>Microsoft.Storage/storageAccounts/blobServices/containers/write                     |
+|                           |<sub>Microsoft.Storage/storageAccounts/blobServices/containers/delete                    |
+|||
+
+
+## Next steps
+Check blog, demo and related tutorials:
+
+* [Demo of access policy for Azure Storage](/video/media/8ce7c554-0d48-430f-8f63-edf94946947c/purview-policy-storage-dataowner-scenario_mid.mp4)
+* [Concepts for Azure Purview data owner policies](./concept-data-owner-policies.md)
+* [Enable Azure Purview data owner policies on all data sources in a subscription or a resource group](./how-to-data-owner-policies-resource-group.md)
+* [Blog: What's New in Azure Purview at Microsoft Ignite 2021](https://techcommunity.microsoft.com/t5/azure-purview/what-s-new-in-azure-purview-at-microsoft-ignite-2021/ba-p/2915954)
+* [Blog: Accessing data when folder level permission is granted](https://techcommunity.microsoft.com/t5/azure-purview-blog/data-policy-features-accessing-data-when-folder-level-permission/ba-p/3109583)
+* [Blog: Accessing data when file level permission is granted](https://techcommunity.microsoft.com/t5/azure-purview-blog/data-policy-features-accessing-data-when-file-level-permission/ba-p/3102166)

articles/purview/how-to-data-owner-policy-authoring-generic.md

@@ -125,5 +125,5 @@ Steps to update or delete a policy in Azure Purview are as follows.
 
 For specific guides on creating policies, you can follow these tutorials:
 
-- [Enable Azure Purview data owner policies on all data sources in a subscription or a resource group](./tutorial-data-owner-policies-resource-group.md)
-- [Enable Azure Purview data owner policies on an Azure Storage account](./tutorial-data-owner-policies-storage.md)
+- [Enable Azure Purview data owner policies on all data sources in a subscription or a resource group](./how-to-data-owner-policies-resource-group.md)
+- [Enable Azure Purview data owner policies on an Azure Storage account](./how-to-data-owner-policies-storage.md)

articles/purview/how-to-delete-self-service-data-access-policy.md

@@ -22,7 +22,7 @@ This guide describes how to delete self-service data access policies that have b
 Self-service policies must exist for them to be deleted. Refer to the articles below to create
 self-service policies
 
-- [Enable Data Use Governance](./tutorial-data-owner-policies-storage.md)
+- [Enable Data Use Governance](./how-to-enable-data-use-governance.md)
 - [Create a self-service data access workflow](./how-to-workflow-self-service-data-access-hybrid.md)
 - [Approve self-service data access request](how-to-workflow-manage-requests-approvals.md)
 

articles/purview/how-to-enable-data-use-governance.md

@@ -80,5 +80,5 @@ To disable data use governance for a source, resource group, or subscription, a
 ## Next steps
 
 - [Create data owner policies for your resources](how-to-data-owner-policy-authoring-generic.md)
-- [Enable Azure Purview data owner policies on all data sources in a subscription or a resource group](./tutorial-data-owner-policies-resource-group.md)
-- [Enable Azure Purview data owner policies on an Azure Storage account](./tutorial-data-owner-policies-storage.md)
+- [Enable Azure Purview data owner policies on all data sources in a subscription or a resource group](./how-to-data-owner-policies-resource-group.md)
+- [Enable Azure Purview data owner policies on an Azure Storage account](./how-to-data-owner-policies-storage.md)

articles/purview/how-to-view-self-service-data-access-policy.md

@@ -22,7 +22,7 @@ This guide describes how to view self-service data access policies that have bee
 Self-service policies must exist for them to be viewed. Refer to the articles below to create
 self-service policies
 
-- [Enable Data Use Governance](./tutorial-data-owner-policies-storage.md)
+- [Enable Data Use Governance](./how-to-enable-data-use-governance.md)
 - [Create a self-service data access workflow](./how-to-workflow-self-service-data-access-hybrid.md)
 - [Approve self-service data access request](how-to-workflow-manage-requests-approvals.md)
 

articles/purview/index.yml

@@ -176,6 +176,6 @@ landingContent:
     - linkListType: tutorial
       links:
         - text: Data owner policies for Azure Storage
-          url: tutorial-data-owner-policies-storage.md
+          url: how-to-data-owner-policies-storage.md
         - text: Data owner policies on resource groups or subscriptions
-          url: tutorial-data-owner-policies-resource-group.md
+          url: how-to-data-owner-policies-resource-group.md