Microsoft Purview · Tenant-Level Governance
Data Estate Insights Readers
Tenant-level role group providing read-only access to all insights reports across platforms and providers in the classic Data Catalog.
Scope: Read-only access to all Data Estate Insights across the entire organization
Permissions
- View all Data Estate Insights reports organization-wide
- Access insights across all platforms and data providers
- View asset distribution and classification analytics
- Access sensitivity labeling reports and coverage metrics
- View scan history and metadata ingestion statistics
- Access glossary term usage and adoption insights
- Read Data Map objects and metadata
- Export insights reports for governance reporting
Common use cases
- Executive dashboards for data governance program health
- Board and audit committee reporting on data estate posture
- Compliance reporting on classification and labeling coverage
- Management visibility into catalog adoption and usage
- External auditors reviewing data governance maturity
- Data governance program metrics and KPI tracking
Best practices
- Assign broadly to executives and stakeholders needing governance visibility
- Use for regular governance program health reporting
- Generate monthly or quarterly insights reports for leadership
- Combine with Power BI for custom executive dashboards
- Share insights with business unit leaders to drive catalog adoption
- Use during audits to demonstrate governance maturity
Security considerations
- Read-only access with no modification capabilities
- Insights may reveal organizational data governance gaps
- Safe for external auditors during assessments
- Cannot access underlying sensitive data content
- Aggregate metrics only - no individual asset modification
Common questions
When should I assign the Data Estate Insights Readers role?
Assign Data Estate Insights Readers when you need to: Executive dashboards for data governance program health; Board and audit committee reporting on data estate posture; Compliance reporting on classification and labeling coverage; Management visibility into catalog adoption and usage; and External auditors reviewing data governance maturity. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the Data Estate Insights Readers role do?
The Data Estate Insights Readers role grants permissions including: View all Data Estate Insights reports organization-wide; Access insights across all platforms and data providers; View asset distribution and classification analytics; Access sensitivity labeling reports and coverage metrics; View scan history and metadata ingestion statistics; and Access glossary term usage and adoption insights. See the Permissions section above for the full list.
What are the security risks of the Data Estate Insights Readers role?
Key considerations when assigning Data Estate Insights Readers: Read-only access with no modification capabilities; Insights may reveal organizational data governance gaps; Safe for external auditors during assessments; and Cannot access underlying sensitive data content. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.