How to create custom role in Purview for Data Loss Prevention?

Ng Yin Fai 0 Reputation points
2024-12-12T23:09:25.3733333+00:00

I have 2 DLP policies configured, Policy #1 for HR and Policy #2 for Finance.

May I know how to create 2 custom roles where:

  • Role #1 can only view/manage Policy #1 and alerts generated by Policy #1.
  • Role #2 can only view/manage Policy #2 and alerts generated by Policy #2.
Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.

1 answer

  1. Ganesh Gurram 2,380 Reputation points Microsoft Vendor
    2024-12-13T17:41:42.1933333+00:00

    Hi @Ng Yin Fai

    Thanks for the question and for using the MS Q&A platform.

    Unfortunately, there is no option to create custom roles in Microsoft Purview.

    We would appreciate it if you could share the feedback on our feedback channel, which would be open for the user community to upvote & comment on. This allows our product teams to effectively prioritize your request against our existing feature backlog and gives insight into the potential impact of implementing the suggested feature.

    The Microsoft Purview governance portal uses a set of predefined roles to control who can access what within the account. These roles are currently:

    Chart showing Microsoft Purview governance portal roles

    Reference: How can we design Microsoft Purview built-in roles?

    However, you can manage access to resources, including Data Loss Prevention (DLP) policies and alerts, using Azure role-based access control (RBAC) and the built-in roles available for Purview.

    To manage access to your DLP policies (Policy #1 for HR and Policy #2 for Finance), you can utilize the following built-in roles:

    Purview Data Reader: This role allows users to view data and metadata, which may be suitable for users who need to see the DLP policies without making changes.

    Purview Data Curator: This role allows users to manage data sources and classifications, which may be necessary for users who need to manage DLP policies.

    Purview Data Source Administrator: This role allows users to manage data sources and their configurations, which may be relevant depending on your specific needs.

    Assign the appropriate built-in roles to users or groups based on their responsibilities related to Policy #1 and Policy #2. While you cannot create custom roles, you can control access through these built-in roles.

    Use Azure RBAC: If you need more granular control, consider using Azure RBAC to manage access to resources in Azure, including Microsoft Purview. This allows you to assign roles at the subscription, resource group, or resource level.

    For more details, refer to: Access control in the Microsoft Purview governance portal.

    Hope this helps. Do let us know if you have any further queries.


    If this answers your query, do click "Accept Answer" and "Yes" for "Was this answer helpful". And, if you have any further queries, do let us know.

