Microsoft Purview · Tenant-Level Governance

Data Catalog Curators

Tenant-level role group to perform create, read, modify, and delete actions on catalog data objects and establish relationships between objects in the classic Data Catalog.

Scope: Organization-wide catalog curation access across all collections and domains

Permissions

  • Create, read, modify, and delete catalog data objects across all collections
  • Establish relationships between objects in the classic Data Catalog
  • Manage business glossary terms and definitions organization-wide
  • Apply and manage classifications on assets across the entire catalog
  • Configure custom classifications and classification rules
  • Curate metadata and annotations across all data sources
  • Access Data Map Reader and Writer capabilities
  • Manage asset lineage and data relationships

Common use cases

  • Enterprise-wide data stewardship and metadata management
  • Building organization-wide business glossaries and taxonomies
  • Cross-domain data classification and governance standardization
  • Centralized metadata curation for large data estates
  • Implementing consistent data governance practices across business units
  • Managing enterprise data catalog for self-service analytics

Best practices

  • Assign to senior data stewards responsible for enterprise-wide governance
  • Limit to 5-15 people to maintain metadata quality and consistency
  • Coordinate with Collection-level Data Curators for local expertise
  • Establish glossary and classification standards before broad curation
  • Document curation decisions and maintain audit trail
  • Regular review of catalog quality and coverage metrics
  • Use this role for cross-domain standardization efforts

Security considerations

  • Broad access to modify metadata across entire catalog
  • Can affect classifications that drive DLP and access policies
  • Changes impact discoverability and data governance posture
  • Should maintain separation from data access roles
  • Monitor for unauthorized metadata modifications
  • Coordinate with Information Protection on sensitivity labels

Common questions

When should I assign the Data Catalog Curators role?

Assign Data Catalog Curators when you need to: Enterprise-wide data stewardship and metadata management; Building organization-wide business glossaries and taxonomies; Cross-domain data classification and governance standardization; Centralized metadata curation for large data estates; and Implementing consistent data governance practices across business units. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Data Catalog Curators role do?

The Data Catalog Curators role grants permissions including: Create, read, modify, and delete catalog data objects across all collections; Establish relationships between objects in the classic Data Catalog; Manage business glossary terms and definitions organization-wide; Apply and manage classifications on assets across the entire catalog; Configure custom classifications and classification rules; and Curate metadata and annotations across all data sources. See the Permissions section above for the full list.

What are the security risks of the Data Catalog Curators role?

Key considerations when assigning Data Catalog Curators: Broad access to modify metadata across entire catalog; Can affect classifications that drive DLP and access policies; Changes impact discoverability and data governance posture; and Should maintain separation from data access roles. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →