
Commit 8abf951

1 parent 6206ef8 commit 8abf951

1 file changed

+11
-10
lines changed

articles/purview/tutorial-metadata-policy-collections-apis.md

Lines changed: 11 additions & 10 deletions
@@ -6,11 +6,11 @@ ms.author: arindamba
66
ms.service: purview
77
ms.subservice: purview-data-catalog
88
ms.topic: tutorial
9-
ms.date: 09/24/2021
9+
ms.date: 12/07/2022
1010
# Customer intent: As a Microsoft Purview collection administrator, I want to manage collections and control access to each collection in the Microsoft Purview account by adding or removing users, groups, or service principals via the REST API interface.
1111
---
1212

13-
# Tutorial: Use REST APIs to manage role-based access control on Microsoft Purview collections
13+
# Tutorial: Use REST APIs to manage role-based access control on Microsoft Purview collections
1414

1515
In August 2021, access control in Microsoft Purview moved from Azure Identity & Access Management (IAM) (control plane) to [Microsoft Purview collections](how-to-create-and-manage-collections.md) (data plane). This change gives enterprise data curators and administrators more precise, granular access control on their data sources scanned by Microsoft Purview. The change also enables organizations to audit right access and right use of their data.
1616

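Review bot: The unchanged intro on new-file line 15 still ends with "audit right access and right use of their data", which is hard to parse; since this pass is editorial, consider rewording it, for example "audit who has access to their data and how it is used". The `-`/`+` pair for the heading on line 13 shows identical text, so that change is presumably whitespace only.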
@@ -19,40 +19,41 @@ This tutorial guides you through step-by-step usage of the Microsoft Purview Met
1919
For more information about the built-in roles in Microsoft Purview, see the [Microsoft Purview permissions guide](catalog-permissions.md#roles). The guide maps the roles to the level of access permissions that are granted to users.
2020

2121
## Metadata Policy API Reference summary
22+
2223
The following table gives an overview of the [Microsoft Purview Metadata Policy API Reference](/rest/api/purview/metadatapolicydataplane/Metadata-Policy).
2324

2425
> [!NOTE]
2526
> Replace {pv-acc-name} with the name of your Microsoft Purview account before running these APIs. For instance, if your Microsoft Purview account name is *FabrikamPurviewAccount*, your API endpoints will become *FabrikamPurviewAccount.purview.azure.com*. The "api-version" parameter is subject to change. Please refer the [Microsoft Purview Metadata policy REST API documentation](/rest/api/purview/metadatapolicydataplane/Metadata-Policy) for the latest "api-version" and the API signature.
2627
2728
| API function | REST method | API endpoint | Description |
28-
| :- | :- | :- | :- |
29+
| --- | --- | --- | --- |
2930
| Read All Metadata Roles| GET| https://{pv-acc-name}.purview.azure.com /policystore/metadataroles?&api-version=2021-07-01| Reads all metadata roles from your Microsoft Purview account.|
30-
| Read Metadata Policy By Collection Name| GET| https://{pv-acc-name}.purview.azure.com /policystore/collections/{collectionName}/metadataPolicy?&api-version=2021-07-01| Reads the metadata policy by using a specified collection name (the 6-character random name that's generated by Microsoft Purview when it creates the policy).|
31+
| Read Metadata Policy By Collection Name| GET| https://{pv-acc-name}.purview.azure.com /policystore/collections/{collectionName}/metadataPolicy?&api-version=2021-07-01| Reads the metadata policy by using a specified collection name (the six character random name that's generated by Microsoft Purview when it creates the policy).|
3132
| Read Metadata Policy By PolicyID| GET| https://{pv-acc-name}.purview.azure.com /policystore/metadataPolicies/{policyId}?&api-version=2021-07-01| Reads the metadata policy by using a specified policy ID. The policy ID is in GUID format.|
3233
| Read All Metadata Policies| GET| https://{pv-acc-name}.purview.azure.com /policystore/metadataPolicies?&api-version=2021-07-01| Reads all metadata policies from your Microsoft Purview account. You can pick a certain policy to work with from the JSON output list that's generated by this API.|
3334
| Update/PUT Metadata Policy| PUT| https://{pv-acc-name}.purview.azure.com /policystore/metadataPolicies/{policyId}?&api-version=2021-07-01| Updates the metadata policy by using a specified policy ID. The policy ID is in GUID format.|
3435
| | |
3536

3637
## Microsoft Purview catalog collections API reference summary
38+
3739
The following table gives an overview of the Microsoft Purview collections APIs. For complete documentation about each API, select the API operation in the left column.
3840

3941
| Operation | Description |
40-
| :- | :- |
42+
| --- | --- |
4143
| [Create or update collection](/rest/api/purview/accountdataplane/collections/create-or-update-collection) | Creates or updates a collection entity. |
4244
| [Delete collection](/rest/api/purview/accountdataplane/collections/delete-collection) | Deletes a collection entity. |
4345
| [Get collection](/rest/api/purview/accountdataplane/collections/get-collection) | Gets a collection.|
4446
| [Get collection path](/rest/api/purview/accountdataplane/collections/get-collection-path) | Gets the parent name and display name chains that represent the collection path.|
4547
| [List child collection names](/rest/api/purview/accountdataplane/collections/list-child-collection-names) | Lists the child collections names in the collection.|
4648
| [List collections](/rest/api/purview/accountdataplane/collections/list-collections) | Lists the collections in the account.|
4749

48-
4950
- If you're using the API, the service principal, user, or group that executes the API should have a [Collection Admin](how-to-create-and-manage-collections.md#check-permissions) role assigned in Microsoft Purview to execute this API successfully.
5051

51-
- For all Microsoft Purview APIs that require {collectionName}, you will need to use *"name"* (and not *"friendlyName"*). Replace {collectionName} with the actual six-character alphanumeric collection name string.
52+
- For all Microsoft Purview APIs that require {collectionName}, you'll need to use *"name"* (and not *"friendlyName"*). Replace {collectionName} with the actual six-character alphanumeric collection name string.
5253
> [!NOTE]
5354
> This name is different from the friendly display name you supplied when you created the collection. If you don't have {collectionName} handy, use the [List Collections API](/rest/api/purview/accountdataplane/collections/list-collections) to select the six-character collection name from the JSON output.
5455
55-
Here is an example JSON file:
56+
Here's an example JSON file:
5657

5758
```json
5859
{
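Review bot: On new-file line 31 the change from "6-character" to "six character" drops the hyphen, while lines 52 and 54 in this same hunk use "six-character"; write "six-character random name" so the three mentions agree. The endpoint cells on lines 30 to 35 are untouched and still have a space before `/policystore`, which makes a copied URL invalid, plus a redundant `&` after `?`. Line 36 keeps an empty `| | |` row with two cells in a four-column table, and line 26 still reads "Please refer the", which needs "refer to".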
@@ -105,7 +106,7 @@ The output JSON will describe the roles and their associated permissions in this
105106
The default metadata roles are listed in the following table:
106107

107108
| Role ID | Permissions | Role description |
108-
| :- | :- | :- |
109+
| --- | --- | --- |
109110
| purviewmetadatarole\_builtin\_data-source-administrator| Microsoft.Purview/accounts/scan/read Microsoft.Purview/accounts/scan/write Microsoft.Purview/accounts/collection/read| Grants access to others to read, write collection, register data sources, and trigger scans.|
110111
| purviewmetadatarole\_builtin\_collection-administrator| Microsoft.Purview/accounts/collection/read Microsoft.Purview/accounts/collection/write| Administrator-level full access to the entire collection, including add or remove users and service principal names (SPNs) from the collection, management rights, and grant or revoke access. In some cases, the Collection Administrator might be different from the creator of the collection.|
111112
| purviewmetadatarole\_builtin\_purview-reader| Microsoft.Purview/accounts/data/read Microsoft.Purview/accounts/collection/read| Grants only read access to data handling and all metadata, including classifications, sensitivity labels, insights, and read assets in a collection, except scan bindings.|
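Review bot: In the unchanged row for the data-source-administrator role (new-file line 110), the description says the role can "read, write collection", but the Permissions cell lists only Microsoft.Purview/accounts/collection/read next to scan/read and scan/write. Readers use this table to decide which role to grant, so either reword the description to match the listed permissions or correct the permission list. The Permissions cells also run several permission names together separated only by spaces; a `<br>` between them would make each one readable.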
@@ -937,7 +938,7 @@ To run the preceding command, you need only to pass the new Root Collection Admi
937938
> [!NOTE]
938939
> Users who call this API must have Owner or User Account and Authentication (UAA) permissions on the Microsoft Purview account to execute a write action on the account.
939940
940-
## Additional resources
941+
## More resources
941942

942943
You may choose to execute Microsoft Purview REST APIs by using the [PowerShell utility](https://aka.ms/purview-api-ps). It can be readily installed from PowerShell Gallery. With this utility, you can execute all the same commands, but from Windows PowerShell.
943944

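Review bot: The unchanged note on new-file line 939 expands UAA as "User Account and Authentication", but the Azure built-in role with that abbreviation is User Access Administrator; correct the expansion so readers assign the right role before calling this API. Renaming the heading on line 941 from "Additional resources" to "More resources" also changes its anchor, so check for inbound links to `#additional-resources`.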