Microsoft Purview · Data Map Collections

Domain Admin

Domain-level role to assign permissions within a domain and manage its resources, collections, and role assignments.

Scope: Domain-level administrative access limited to assigned domain(s)

Permissions

  • Assign permissions within a specific domain
  • Manage domain resources including collections and data sources
  • Create and manage collections within the domain
  • Assign Collection Admins, Data Curators, Data Readers within domain
  • Register and manage data sources within domain scope
  • Configure domain-level access controls and permission inheritance
  • Manage domain metadata and organizational structure

Common use cases

  • Managing data governance for specific business unit or department domain
  • Delegating collection administration to regional or functional teams
  • Implementing domain-specific data classification and tagging standards
  • Coordinating data source registration for business unit data estate
  • Managing access control for division-specific data assets
  • Aligning data governance with organizational structure (Finance, HR, Sales domains)

Best practices

  • Assign to business unit leaders or data owners responsible for domain
  • Limit to 2-5 people per domain to maintain clear accountability
  • Delegate Collection Admin role within domain for operational tasks
  • Document domain purpose, scope, and ownership clearly
  • Regular review of collection structure within domain
  • Coordinate with other Domain Admins on cross-domain data sharing
  • Establish consistent naming conventions for collections within domain
  • Use permission inheritance judiciously - restrict when needed for security

Security considerations

  • Full administrative control within assigned domain(s)
  • Can modify all collections and role assignments in domain
  • Should coordinate with security team on sensitive data domains
  • Permission inheritance settings affect all subcollections
  • Changes to domain permissions can impact large numbers of users
  • Monitor for inappropriate role assignments or collection modifications

Official Microsoft Learn documentation →

Open the interactive RBACMap →