Microsoft Purview · Data Map Collections

Data Source Administrator

Manage data sources and scans within assigned collections, including registration, scanning, and credential management.

Scope: Data sources and scans within assigned collections

Permissions

  • Register data sources in assigned collections
  • Create and manage scans for registered data sources
  • Run scans using existing scan rules
  • Configure scan schedules and triggers
  • Manage scan credentials and authentication methods
  • Monitor scan status and history
  • Create new scan rules (requires Data Reader or Data Curator role)
  • Manage self-hosted integration runtime connections
  • Publish data access policies (when combined with Policy Author role)

Common use cases

  • Registering departmental data sources for metadata discovery
  • Configuring automated scan schedules for data freshness
  • Managing credentials for data source connectivity
  • Troubleshooting scan failures and connectivity issues
  • Implementing scanning for new data sources as they are deployed
  • Coordinating with IT on network access and firewall rules
  • Managing service principal or managed identity authentication

Best practices

  • Use Managed Identity (MSI) for Azure data sources when possible
  • Store credentials in Azure Key Vault, not inline in scans
  • Test scans with limited scope before full production rollout
  • Schedule scans during off-peak hours to minimize impact
  • Monitor scan history and address failures promptly
  • Document data source registration rationale and ownership
  • Coordinate with Data Curators on scan rule customization needs
  • Use incremental scans when available to reduce processing time
  • Implement tagging strategy to organize registered sources

Security considerations

  • Role holders have access to data source connection information and credentials
  • Scanning can impact source system performance if misconfigured
  • Service accounts for scanning should have read-only permissions
  • Credential security is critical: use Key Vault and least privilege
  • Coordinate with network security on private endpoint usage
  • Monitor for unauthorized data source registrations
  • When combined with the Policy Author role, role holders can create data access policies
