Microsoft Purview · Data Map Collections
Collection Administrator
Manage collections, assign roles, and organize data sources and assets within collection hierarchy.
Scope: Collections where explicitly assigned as Collection Administrator (with inheritance to subcollections by default)
Permissions
- Create, edit, and delete collections and subcollections
- Assign users to roles within managed collections (Collection Admin, Data Curator, Data Reader, Data Source Admin)
- Manage collection details, descriptions, and organizational structure
- Configure permission inheritance for subcollections
- Organize data sources and assets into collection hierarchy
- Manage collection-level access controls and restrictions
Common use cases
- Organizing data assets by business function, geography, or project
- Delegating data governance responsibilities to regional or functional teams
- Implementing least-privilege access control through collection structure
- Managing access to data assets for specific departments or initiatives
- Creating project-specific collections for temporary data governance needs
- Aligning data catalog structure with organizational hierarchy
Best practices
- Design collection hierarchy aligned with organizational structure
- Use descriptive naming conventions for collections
- Document collection purpose and ownership clearly
- Limit Collection Admins to 2-3 people per collection for accountability
- Use permission inheritance where appropriate to simplify management
- Restrict inheritance for sensitive collections requiring explicit access
- Regular review of collection structure and role assignments
- Coordinate with other Collection Admins on cross-collection scenarios
- Establish consistent collection organization patterns across domains
Security considerations
- Can grant access to all data sources and assets in managed collections
- Permission changes affect all users with inherited permissions
- Restricting inheritance isolates subcollections from parent permissions
- Root collection administrator has access to entire Microsoft Purview portal
- Monitor for inappropriate role assignments or permission escalation
- Collection structure changes can impact large numbers of users
Common questions
When should I assign the Collection Administrator role?
Assign Collection Administrator when you need to: Organizing data assets by business function, geography, or project; Delegating data governance responsibilities to regional or functional teams; Implementing least-privilege access control through collection structure; Managing access to data assets for specific departments or initiatives; and Creating project-specific collections for temporary data governance needs. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the Collection Administrator role do?
The Collection Administrator role grants permissions including: Create, edit, and delete collections and subcollections; Assign users to roles within managed collections (Collection Admin, Data Curator, Data Reader, Data Source Admin); Manage collection details, descriptions, and organizational structure; Configure permission inheritance for subcollections; Organize data sources and assets into collection hierarchy; and Manage collection-level access controls and restrictions. See the Permissions section above for the full list.
What are the security risks of the Collection Administrator role?
Key considerations when assigning Collection Administrator: Can grant access to all data sources and assets in managed collections; Permission changes affect all users with inherited permissions; Restricting inheritance isolates subcollections from parent permissions; and Root collection administrator has access to entire Microsoft Purview portal. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.