How to use PIM on Purview Roles?

David Broggy 5,986 Reputation points MVP
2024-08-06T17:35:52.68+00:00

Hi there,

There are 60+ roles in Purview along with the Business Domain roles.

I'd like to use PIM to control access to the privileged roles in Purview.

These roles don't exist in Azure Entra so I'm guessing there's a way to use "PIM for Groups" or something?

https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/concept-pim-for-groups

How is this done?

Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.

1 answer

  1. PRADEEPCHEEKATLA 90,461 Reputation points
    2024-08-08T11:04:07.4266667+00:00

    @David Broggy - Thanks for the question and using MS Q&A platform.

    Here is the response from the internal team:

    1. Yes, you can have a security group within a Purview role group as a member, and yes, the security groups support PIM for groups. However, when a user is eligible for the group membership and activates the membership, we see that it takes up to 2 hours for their permissions to become effective within Purview, which is a large area of friction as it is not "just in time".
      1. We have documented this 2-hour activation delay here.
      2. We have a work item planned for this feature soon.
    2. Entra roles which support PIM: There are some roles within Entra that have permissions within Microsoft Purview.
      1. We document at a high level what Entra roles do in Purview here.

    Hope this helps. Do let us know if you have any further queries.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
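
The setup described in the answer above (a security group placed in a Purview role group, with membership of that group granted through PIM for Groups), as an added PowerShell example that is not part of the original answer or Microsoft's own code. The group name, user, role group name and 180-day eligibility period are placeholders; it assumes the Microsoft.Graph and ExchangeOnlineManagement modules are installed and that the role group accepts this group as a member, as the answer states.

```powershell
# Placeholders (constructed for this example): replace with your own values.
$groupName     = 'PIM-Purview-ComplianceAdmins'   # existing Entra security group
$userUpn       = 'analyst@contoso.example'        # user who should become eligible
$roleGroupName = 'Compliance Administrator'       # Purview role group to gate

# 1. Make the user ELIGIBLE (not active) for group membership via PIM for Groups.
Connect-MgGraph -Scopes 'Group.Read.All', 'User.Read.All',
    'PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup'

$group = @(Get-MgGroup -Filter "displayName eq '$groupName'")
if ($group.Count -ne 1) { throw "Expected exactly one group named '$groupName'." }
$user = Get-MgUser -UserId $userUpn

# Anyone listed here already holds the membership (standing or currently
# activated). Standing members bypass PIM, so review this list before going on.
Get-MgGroupMember -GroupId $group[0].Id -All | Select-Object Id

$eligibility = @{
    accessId      = 'member'        # eligibility for membership, not ownership
    principalId   = $user.Id
    groupId       = $group[0].Id
    action        = 'adminAssign'
    justification = 'JIT access to a Purview role group via PIM for Groups'
    scheduleInfo  = @{
        startDateTime = (Get-Date).ToUniversalTime().ToString('o')
        expiration    = @{ type = 'afterDuration'; duration = 'P180D' }
    }
}
New-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest `
    -BodyParameter $eligibility

# 2. Add the security group (not the user) to the Purview role group.
Connect-IPPSSession
Add-RoleGroupMember -Identity $roleGroupName -Member $groupName

# 3. Confirm the role group contains the group and no direct user assignments
#    that would sidestep the PIM-controlled path.
Get-RoleGroupMember -Identity $roleGroupName | Select-Object Name, RecipientType
```

Because the answer reports up to 2 hours before an activated membership takes effect in Purview, the maximum activation duration in the group's PIM settings needs to be longer than that delay for the activation to be usable.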

