Microsoft Purview · Tenant-Level Governance

Data Governance (role group)

Tenant-level role group that grants access to data governance roles and delegates permissions for Governance Domain Creators in Unified Catalog.

Scope: Tenant-level role group enabling catalog-level role assignments

Permissions

Grants access to assign data governance roles within Microsoft Purview
Enables delegation of Governance Domain Creator role in Unified Catalog
Provides foundation for catalog-level permission management
Required prerequisite for assigning catalog-level roles
Access to Unified Catalog role and permission management
Ability to configure governance domain structures and hierarchies

Common use cases

Enabling data governance administrators to assign Unified Catalog roles
Delegating Governance Domain Creator permissions to business units
Setting up federated data governance model across organization
Managing Unified Catalog role assignments for data stewards
Implementing data governance hierarchy and domain structure
Coordinating between IT governance and business domain ownership

Best practices

Assign to Data Governance Officers or Chief Data Officers
Limit to 3-5 people responsible for governance program oversight
Use to delegate Governance Domain Creator role to business domain owners
Coordinate with Purview Administrators on overall governance strategy
Document governance domain structure before assigning role
Regular review of who has catalog-level role assignment authority
Establish clear policies for governance domain creation and management

Security considerations

Required to assign powerful catalog-level roles like Governance Domain Creator
Controls who can delegate data governance responsibilities
Should be limited to data governance program leaders
Does not grant direct access to data - only permission management
Coordinate with IT Security on role assignment policies

Official Microsoft Learn documentation →

Open the interactive RBACMap →