Microsoft Purview · Unified Catalog Governance

Data Governance Administrator

Catalog-level role that delegates first level of access for Governance Domain Creators and other catalog permissions.

Scope: Catalog-wide administrative permissions for Unified Catalog

Permissions

  • Delegate Governance Domain Creator role to users
  • Assign other catalog-level permissions (Data Health Owner, Global Catalog Reader)
  • Manage Unified Catalog solution settings
  • Configure roles and permissions for Unified Catalog
  • Oversee catalog-level governance across all domains

Common use cases

  • Chief Data Officer or Data Governance Director managing catalog strategy
  • Assigning Governance Domain Creator role to business unit leaders
  • Managing catalog-level permissions and role assignments
  • Overseeing federated governance implementation
  • Configuring catalog settings and solution integrations

Best practices

  • Limit to 2-5 senior data governance leaders maximum
  • Document governance domain creation strategy before delegating
  • Establish clear criteria for who should receive Governance Domain Creator role
  • Regular review of catalog-level role assignments
  • Coordinate with business units on domain structure and ownership

Security considerations

  • High-level administrative role - assign carefully
  • Can delegate domain creation which affects organizational structure
  • All assignments should be documented with business justification
  • Consider using just-in-time access for temporary administrators

Common questions

When should I assign the Data Governance Administrator role?

Assign Data Governance Administrator when you need to: Chief Data Officer or Data Governance Director managing catalog strategy; Assigning Governance Domain Creator role to business unit leaders; Managing catalog-level permissions and role assignments; Overseeing federated governance implementation; and Configuring catalog settings and solution integrations. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Data Governance Administrator role do?

The Data Governance Administrator role grants permissions including: Delegate Governance Domain Creator role to users; Assign other catalog-level permissions (Data Health Owner, Global Catalog Reader); Manage Unified Catalog solution settings; Configure roles and permissions for Unified Catalog; and Oversee catalog-level governance across all domains. See the Permissions section above for the full list.

What are the security risks of the Data Governance Administrator role?

Key considerations when assigning Data Governance Administrator: High-level administrative role - assign carefully; Can delegate domain creation which affects organizational structure; All assignments should be documented with business justification; and Consider using just-in-time access for temporary administrators. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →