Commit 9d6d16a

Merge pull request #229590 from MicrosoftDocs/release-preview-update-purview-share
Release preview update purview share--scheduled release at 10AM of 3/07
2 parents 4aa5838 + 28393df commit 9d6d16a

90 files changed

+2090
-1089
lines changed


articles/cosmos-db/synapse-link-frequently-asked-questions.yml

Lines changed: 1 addition & 1 deletion
@@ -218,7 +218,7 @@ sections:
218218
Yes, You can control network access to the data in the transactional and analytical stores independently. Network isolation is done using separate managed private endpoints for each store, within managed virtual networks in Azure Synapse workspaces. To learn more, see how to [Configure private endpoints for analytical store](analytical-store-private-endpoints.md) article.
219219
220220
- question: |
221-
I'm getting error 403 (Could not retrieve Analytical Store status for one or more containers Response status code does not indicate success: 403 (Forbidden)) after Azure Private Link was enable for my database account. What's happening?
221+
I'm getting error 403 (Could not retrieve Analytical Store status for one or more containers Response status code does not indicate success: 403 (Forbidden)) after Azure Private Link was enabled for my database account. What's happening?
222222
answer: |
223223
Usually, 403's are due to network/firewall settings that prevent users from accessing specific data, even from the portal. The most common cause for this problem is that step 1 of the enable Network isolation process using private endpoints has not been performed. You need to use Azure CLI or PowerShell for this. More details [here](analytical-store-private-endpoints.md).
224224

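Review bot: In the unchanged answer on line 223, the remedy for this 403 is given only as "step 1 of the enable Network isolation process" behind a link labelled "here". Since the question text is being corrected anyway, consider naming that step in the answer and giving the link descriptive text, so a reader who hits the 403 after enabling Private Link can tell which setting is missing without leaving the page.
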
articles/purview/.openpublishing.redirection.purview.json

Lines changed: 5 additions & 0 deletions
@@ -249,6 +249,11 @@
249249
"source_path_from_root": "/articles/purview/how-to-monitor-scan-runs.md",
250250
"redirect_url": "/azure/purview/how-to-monitor-data-map-population",
251251
"redirect_document_id": true
252+
},
253+
{
254+
"source_path_from_root": "/articles/purview/how-to-link-azure-data-share.md",
255+
"redirect_url": "/azure/purview/how-to-lineage-purview-data-sharing",
256+
"redirect_document_id": true
252257
}
253258
]
254259
}
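
Review bot: The entry added at lines 253-256 redirects a data-share how-to (how-to-link-azure-data-share.md) to a lineage article (how-to-lineage-purview-data-sharing) with "redirect_document_id": true, and nothing in this hunk shows that the source file is deleted or that the target exists. Please confirm both in the same PR, and confirm that carrying the document ID over is intended given that the topic changes from linking Azure Data Share to lineage.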

articles/purview/catalog-permissions.md

Lines changed: 2 additions & 2 deletions
@@ -28,7 +28,6 @@ The Microsoft Purview governance portal uses a set of predefined roles to contro
2828
A collection administrator on the [root collection](reference-azure-purview-glossary.md#root-collection) also automatically has permission to the Microsoft Purview governance portal. If your **root collection administrator** ever needs to be changed, you can [follow the steps in the section below](#administrator-change).
2929
- **Data curators** - a role that provides access to the data catalog to manage assets, configure custom classifications, set up glossary terms, and view data estate insights. Data curators can create, read, modify, move, and delete assets. They can also apply annotations to assets.
3030
- **Data readers** - a role that provides read-only access to data assets, classifications, classification rules, collections and glossary terms.
31-
- **Data share contributor** - A role that can share data within an organization and with other organizations using data sharing capabilities in Microsoft Purview. Data share contributors can view, create, update, and delete sent and received shares.
3231
- **Data source administrator** - a role that allows a user to manage data sources and scans. If a user is granted only to **Data source admin** role on a given data source, they can run new scans using an existing scan rule. To create new scan rules, the user must be also granted as either **Data reader** or **Data curator** roles.
3332
- **Insights reader** - a role that provides read-only access to insights reports for collections where the insights reader also has at least the **Data reader** role. For more information, see [insights permissions.](insights-permissions.md)
3433
- **Policy author (Preview)** - a role that allows a user to view, update, and delete Microsoft Purview policies through the policy management app within Microsoft Purview.
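
Review bot: With the Data share contributor bullet removed at line 31, the Data readers bullet on line 30 still describes that role as "read-only access", yet the table change later in this file makes Data reader the role for sharing and receiving data. Update the Data readers description in this same change so it states that the role now covers creating and receiving shares; otherwise an administrator reading this list will underestimate what granting Data reader allows.
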
@@ -52,7 +51,8 @@ The Microsoft Purview governance portal uses a set of predefined roles to contro
5251
|I need to put users into roles in the Microsoft Purview governance portal| Collection administrator |
5352
|I need to create and publish access policies | Data source administrator and policy author |
5453
|I need to create workflows for my Microsoft Purview account in the governance portal| Workflow administrator |
55-
|I need to share data from sources registered in Microsoft Purview | Data share contributor|
54+
|I need to share data from sources registered in Microsoft Purview | Data reader |
55+
|I need to receive shared data in Microsoft Purview | Data reader |
5656
|I need to view insights for collections I'm a part of | Insights reader **or** data curator |
5757
|I need to create or manage our [self-hosted integration runtime (SHIR)](manage-integration-runtimes.md) | Data source administrator |
5858
|I need to create managed private endpoints | Data source administrator |
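
Review bot: The new rows at lines 54-55 list only Data reader for sharing and receiving, while the FAQ updated in this commit also requires storage account roles (Owner or Storage Blob Data Owner to add assets; Contributor, Owner, Storage Blob Data Contributor or Storage Blob Data Owner to attach a share). Add those requirements to the two rows or link to the FAQ table, so the Purview collection role is not read as sufficient on its own.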

articles/purview/concept-data-share.md

Lines changed: 7 additions & 7 deletions
@@ -1,19 +1,19 @@
11
---
22
title: Azure Storage in-place data sharing with Microsoft Purview (preview)
33
description: This article describes Microsoft Purview Data Sharing and its features.
4-
author: jifems
5-
ms.author: jife
4+
author: sidontha
5+
ms.author: sidontha
66
ms.service: purview
77
ms.subservice: purview-data-share
88
ms.topic: conceptual
9-
ms.date: 06/28/2022
9+
ms.date: 02/16/2023
1010
---
1111

1212
# Azure Storage in-place data sharing with Microsoft Purview (preview)
1313

1414
[!INCLUDE [feature-in-preview](includes/feature-in-preview.md)]
1515

16-
Traditionally, organizations have shared data with internal teams or external partners by generating data feeds requiring investment in data copy and refresh pipelines. The result is higher cost for data storage and movement, data proliferation (that is, multiple copies of data), and delay in access to time-sensitive data.
16+
Traditionally, organizations have shared data with internal teams or external partners by generating data feeds, requiring investment in data copy and refresh pipelines. The result is higher cost for data storage and movement, data proliferation (that is, multiple copies of data), and delay in access to time-sensitive data.
1717

1818
With Microsoft Purview Data Sharing, data providers can now share data **in-place** from Azure Data Lake Storage Gen2 and Azure Storage accounts, both within and across organizations. Share data directly with users and partners without data duplication and centrally manage your sharing activities from within Microsoft Purview.
1919

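Review bot: Lines 4-5 set author and ms.author to the same value, sidontha, where the values they replace differed (jifems and jife). author is expected to be a GitHub account and ms.author a Microsoft alias, so please confirm that the same string is valid for both fields.
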
@@ -43,13 +43,13 @@ Microsoft Purview Data Sharing only stores metadata about your share. It doesn't
4343
* Share data from ADLS Gen2 or Blob storage in-place without data duplication.
4444
* Share data with multiple recipients.
4545
* Access shared data in near real time.
46-
* Centrally manage sharing relationships and keep track of who the data is shared with/from.
47-
* Revoke or terminate share access at any time.
46+
* Manage sharing relationships and keep track of who the data is shared with/from, for each ADLSGen2 or Blob Storage account.
47+
* Terminate share access at any time.
4848
* Flexible experience through Microsoft Purview governance portal or via REST APIs.
4949

5050
## Get started
5151

52-
Get started with Microsoft Purview in-place data sharing for Azure Storage by watching a [demo](https://aka.ms/purview-data-share/overview-demo) and following the [Data Sharing Quickstart](quickstart-data-share.md).
52+
Get started with Microsoft Purview in-place data sharing for Azure Storage by reviewing the [next steps](#next-steps) or following the [Data Sharing Quickstart](quickstart-data-share.md).
5353

5454
## Data sharing scenarios
5555

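Review bot: The narrowed wording on lines 46-47 is inconsistent with text this commit leaves in place: line 18 of this article still says "centrally manage your sharing activities from within Microsoft Purview", and the data provider row of the FAQ table still lists "revoke access" after "Revoke or" is dropped here. Either align those passages or keep the original wording, so readers are not left guessing whether a provider can still revoke a share. Line 46 also writes "ADLSGen2" where line 43 uses "ADLS Gen2"; use the spaced form.
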
articles/purview/how-to-data-share-faq.md

Lines changed: 31 additions & 27 deletions
@@ -1,85 +1,89 @@
11
---
22
title: Microsoft Purview Data Sharing FAQ
33
description: Microsoft Purview Data Sharing frequently asked questions (FAQ) and answers.
4-
author: jifems
5-
ms.author: jife
4+
author: sidontha
5+
ms.author: sidontha
66
ms.service: purview
77
ms.subservice: purview-data-share
88
ms.topic: how-to
9-
ms.date: 06/28/2022
9+
ms.date: 02/16/2023
1010
---
1111
# FAQ: Azure Storage in-place data share with Microsoft Purview Data Sharing (preview)
1212

13-
Here are some frequently asked questions for Microsoft Purview Data Sharing.
13+
Here are some frequently asked questions for Microsoft Purview Data Sharing.
1414

1515
## What are the key terms related to data sharing?
1616

17-
* **Data Provider** - Organization that shares data.
17+
* **Data Provider** - Organization that shares data.
1818
* **Data Consumer** - Organization that receives shared data from a data provider.
19+
* **Asset** - For storage in-place sharing, an asset is a storage account, and the list of files and folders you want to share from the storage account.
1920
* **Share** - A share is a set of data that can be shared from provider to consumer. It's a set of assets. You can have one asset with files/folders from one storage account, and another asset with files/folders from a different storage account.
2021
* **Collection** - A [collection](catalog-permissions.md) is a tool Microsoft Purview uses to group assets, sources, shares, and other artifacts into a hierarchy for discoverability and to manage access control. A root collection is created automatically when you create your Microsoft Purview account and you're granted all the roles to the root collection. You can use the root collection (default) or create child collections for data sharing.
21-
* **Asset** - For storage in-place sharing, an asset is a storage account. You can specify a list of files and folders you want to share from the storage account.
22-
* **Recipient** - A recipient is a user or service principal to which the share is sent.
22+
* **Recipient** - A recipient is a user or service principal to which the share is sent.
23+
24+
## Can I use the API or SDK for storage in-place sharing?
2325

24-
## Can I use the API or SDK for storage in-place sharing?
2526
Yes, you can use [REST API](/rest/api/purview/) or [.NET SDK](/dotnet/api/overview/azure/purview) for programmatic experience to share data.
2627

27-
## What are the roles and permissions required to share data or receive shares?
28+
We have a [guide for getting started with the .NET SDK](quickstart-data-share-dotnet.md).
29+
30+
## What are the roles and permissions required to share data or receive shares?
2831

2932
| **Operations** | **Roles and Permissions** |
3033
|---|---|
31-
|**Data provider**: create share, add asset and recipients, revoke access | **Microsoft Purview collection role**: Data Share Contributor |
34+
|**Data provider**: create share, add asset and recipients, revoke access | **Microsoft Purview collection role**: minimum of Data Reader to use the Microsoft Purview compliance portal experience, none to use API or SDK |
3235
| |**Storage account role** checked when adding and updating asset: Owner or Storage Blob Data Owner |
3336
| |**Storage account permissions** checked when adding and updating asset: Microsoft.Authorization/roleAssignments/write OR Microsoft.Storage/storageAccounts/blobServices/containers/blobs/modifyPermissions/|
34-
|**Data consumer**: Receive share, map asset, terminate share |**Microsoft Purview collection role**: Data Share Contributor |
35-
| |**Storage account role** checked when mapping asset: Contributor OR Owner OR Storage Blob Data Contributor OR Storage Blob Data Owner |
36-
| |**Storage account permissions** checked when mapping asset: Microsoft.Storage/storageAccounts/write OR Microsoft.Storage/storageAccounts/blobServices/containers/write|
37+
|**Data consumer**: Receive share, attach share, delete share |**Microsoft Purview collection role**: minimum of Data Reader to use the Microsoft Purview compliance portal experience, none to use API or SDK |
38+
| |**Storage account role** checked when attaching share: Contributor OR Owner OR Storage Blob Data Contributor OR Storage Blob Data Owner |
39+
| |**Storage account permissions** checked when attaching share: Microsoft.Storage/storageAccounts/write OR Microsoft.Storage/storageAccounts/blobServices/containers/write|
3740
|**Data consumer**: Access shared data| No share-specific role required. You can access shared data with regular storage account permission just like any other data. Data consumer's ability to apply ACLs for shared data is currently not supported.|
3841

39-
## How can I share data from containers?
42+
## How can I share data from containers?
4043

41-
When adding assets, you can select the container(s) that you would like to share.
44+
When adding assets, you can select the container(s) that you would like to share.
4245

43-
## Can I share data in-place with storage account in a different Azure region?
46+
## Can I share data in-place with storage account in a different Azure region?
4447

4548
Cross-region in-place data sharing isn't currently supported for storage account. Data provider and data consumer's storage accounts need to be in the same Azure region.
4649

47-
## Is there support for read-write shares?
50+
## Is there support for read-write shares?
4851

49-
Storage in-place sharing supports read-only shares. Data consumer can't write to the shared data.
52+
Storage in-place sharing supports read-only shares. Data consumer can't write to the shared data.
5053

5154
To share data back to the data provider, the data consumer can create a share and share with the data provider.
5255

5356
## Can I access shared data from analytics tools like Azure Synapse?
5457

55-
You can access shared data from storage clients, Azure Synapse Analytics Spark and Databricks. You won't be able to access shared data using Azure Data Factory, Power BI or AzCopy.
58+
You can access shared data from storage clients like Azure Synapse Analytics Spark and Databricks. You won't be able to access shared data using Azure Data Factory, Power BI, or AzCopy.
5659

5760
## Does the recipient of the share need to be a user's email address or can I share data with an application?
5861

59-
Through the UI, you can share data with recipient's Azure sign in email or using service principal's object ID and tenant ID.
62+
Through the UI, you can share data with recipient's Azure sign-in email or using service principal's object ID and tenant ID.
6063

61-
Through API and SDK, you also send invitation to object ID of a user principal or service principal. Also, you can optionally specify a tenant ID for which you want the share to be received into.
64+
[Through API and SDK, you also send invitation to object ID of a user principal or service principal](quickstart-data-share-dotnet.md#send-invitation-to-a-service). Also, you can optionally specify a tenant ID that you want the share to be received into.
6265

6366
## Is the recipient accepting the share only for themselves?
6467

65-
When the recipient accepts the share and maps asset to a target storage account, any user or application that has access to the target storage account will be able to access shared data.
68+
When the recipient attaches the share to a target storage account, any user or application that has access to the target storage account will be able to access shared data.
6669

6770
## If the recipient leaves the organization, what happens to the received share?
6871

69-
Once the received share is accepted and asset is mapped to a target storage account, any users with appropriate permissions to the target storage account can continue to access the shared data even after the recipient has left the organization.
72+
Once the received share is accepted and attached to a target storage account, any users with appropriate permissions to the target storage account can continue to access the shared data even after the recipient has left the organization.
7073

71-
Once the received share is accepted, any user with Data Share Contributor permission to the Microsoft Purview collection that the share is received into can view and update the received share.
74+
Once the received share is accepted, any user with data reader permission to the Microsoft Purview collection that the share is received into can view and update the received share.
7275

7376
## How do I request an increase in limits for the number of shares?
7477

75-
Data provider's source storage account can support up to 20 targets, and data consumer's target storage account can support up to 100 sources. To request a limit increase, contact support.
78+
Data provider's source storage account can support up to 20 targets, and data consumer's target storage account can support up to 100 sources. To request a limit increase, [contact support](https://azure.microsoft.com/support/create-ticket/).
7679

7780
## How do I troubleshoot data sharing issues?
7881

79-
To troubleshoot issues with sharing data, refer to the [Troubleshoot section of How to share data](how-to-share-data.md#troubleshoot). To troubleshoot issues with receiving share, refer to the [Troubleshoot section of How to receive share](how-to-receive-share.md#troubleshoot).
82+
To troubleshoot issues with sharing data, refer to the [troubleshooting section of the how to share data article](how-to-share-data.md#troubleshoot). To troubleshoot issues with receiving share, refer to the [troubleshooting section of the how to receive share article](how-to-receive-share.md#troubleshoot).
8083

8184
## Is there support for Private endpoints, VNET and IP restrictions?
82-
Private endpoints, VNET, and IP restrictions are supported for data share for storage. Blob should be chosen as the target sub-resource when creating a private endpoint for storage accounts.
85+
86+
Private endpoints, VNET, and IP restrictions are supported for data share for storage. Blob should be chosen as the target subresource when creating a private endpoint for storage accounts.
8387

8488
## Next steps
8589

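Review bot: On lines 34 and 37 the collection role cell now ends with "none to use API or SDK", which tells readers that the Purview role is not an access control for sharing, so those rows should say explicitly that the storage account role and permissions listed in the following rows are what authorize API and SDK callers. The same cells say "compliance portal" where catalog-permissions.md in this commit says "governance portal"; the provider row on line 34 still lists "revoke access" although the concept article drops "Revoke"; and line 74 lets a user with "data reader permission" "view and update" a received share, which conflicts with the read-only description of that role in catalog-permissions.md. Please reconcile these before the scheduled release.
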