Microsoft Purview · Data Map Collections

Collection Administrator

Manage collections, assign roles, and organize data sources and assets within collection hierarchy.

Scope: Collections where explicitly assigned as Collection Administrator (with inheritance to subcollections by default)

Permissions

  • Create, edit, and delete collections and subcollections
  • Assign users to roles within managed collections (Collection Admin, Data Curator, Data Reader, Data Source Admin)
  • Manage collection details, descriptions, and organizational structure
  • Configure permission inheritance for subcollections
  • Organize data sources and assets into collection hierarchy
  • Manage collection-level access controls and restrictions

Common use cases

  • Organizing data assets by business function, geography, or project
  • Delegating data governance responsibilities to regional or functional teams
  • Implementing least-privilege access control through collection structure
  • Managing access to data assets for specific departments or initiatives
  • Creating project-specific collections for temporary data governance needs
  • Aligning data catalog structure with organizational hierarchy

Best practices

  • Design collection hierarchy aligned with organizational structure
  • Use descriptive naming conventions for collections
  • Document collection purpose and ownership clearly
  • Limit Collection Admins to 2-3 people per collection for accountability
  • Use permission inheritance where appropriate to simplify management
  • Restrict inheritance for sensitive collections requiring explicit access
  • Regular review of collection structure and role assignments
  • Coordinate with other Collection Admins on cross-collection scenarios
  • Establish consistent collection organization patterns across domains

Security considerations

  • Can grant access to all data sources and assets in managed collections
  • Permission changes affect all users with inherited permissions
  • Restricting inheritance isolates subcollections from parent permissions
  • Root collection administrator has access to entire Microsoft Purview portal
  • Monitor for inappropriate role assignments or permission escalation
  • Collection structure changes can impact large numbers of users

Common questions

When should I assign the Collection Administrator role?

Assign Collection Administrator when you need to: Organizing data assets by business function, geography, or project; Delegating data governance responsibilities to regional or functional teams; Implementing least-privilege access control through collection structure; Managing access to data assets for specific departments or initiatives; and Creating project-specific collections for temporary data governance needs. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Collection Administrator role do?

The Collection Administrator role grants permissions including: Create, edit, and delete collections and subcollections; Assign users to roles within managed collections (Collection Admin, Data Curator, Data Reader, Data Source Admin); Manage collection details, descriptions, and organizational structure; Configure permission inheritance for subcollections; Organize data sources and assets into collection hierarchy; and Manage collection-level access controls and restrictions. See the Permissions section above for the full list.

What are the security risks of the Collection Administrator role?

Key considerations when assigning Collection Administrator: Can grant access to all data sources and assets in managed collections; Permission changes affect all users with inherited permissions; Restricting inheritance isolates subcollections from parent permissions; and Root collection administrator has access to entire Microsoft Purview portal. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →