Microsoft Purview · Data Map Collections

Data Reader

Read-only access to data assets, classifications, glossary terms, and collections for data discovery and search.

Scope: Read-only access to collections where assigned as Data Reader

Permissions

  • Search and browse data assets in assigned collections
  • View asset metadata, descriptions, and business context
  • Read classifications and sensitivity labels on assets
  • Access business glossary terms and definitions
  • View data lineage and asset relationships
  • Read collection metadata and organizational structure
  • View asset ownership and expert contact information
  • Search for assets using filters, tags, and classifications

Common use cases

  • Data analysts discovering datasets for analytical projects
  • Business users finding data assets relevant to their work
  • Compliance teams auditing data classification and governance
  • Data scientists exploring available data for machine learning
  • Developers identifying data sources for application integration
  • Business intelligence teams discovering trusted data assets
  • External auditors reviewing data governance implementation

Best practices

  • Assign liberally to enable self-service data discovery across organization
  • Combine with training on effective catalog search techniques
  • Encourage users to reach out to data owners and experts listed in assets
  • Use Data Reader as default role for most business users
  • Grant at root collection level for broad discovery if appropriate
  • Restrict to specific collections for sensitive data areas

Security considerations

  • Minimal security risk - read-only access with no modification capabilities
  • Can view asset metadata but not the actual data content
  • Access to Azure/Fabric resources still governed by resource-level permissions
  • Metadata visibility may reveal organizational data structure
  • Assign at appropriate collection level to limit exposure

Common questions

When should I assign the Data Reader role?

Assign Data Reader when you need to: Data analysts discovering datasets for analytical projects; Business users finding data assets relevant to their work; Compliance teams auditing data classification and governance; Data scientists exploring available data for machine learning; and Developers identifying data sources for application integration. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Data Reader role do?

The Data Reader role grants permissions including: Search and browse data assets in assigned collections; View asset metadata, descriptions, and business context; Read classifications and sensitivity labels on assets; Access business glossary terms and definitions; View data lineage and asset relationships; and Read collection metadata and organizational structure. See the Permissions section above for the full list.

What are the security risks of the Data Reader role?

Key considerations when assigning Data Reader: Minimal security risk - read-only access with no modification capabilities; Can view asset metadata but not the actual data content; Access to Azure/Fabric resources still governed by resource-level permissions; and Metadata visibility may reveal organizational data structure. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →