Microsoft Purview · Unified Catalog Governance

Global Catalog Reader

Read published artifacts across all governance domains that don't have Local Catalog Reader restrictions.

Scope: Read access to published content across all governance domains (except those with Local Catalog Reader)

Permissions

  • Search and browse published data products across all domains
  • View published glossary terms and business concepts
  • Search Unified Catalog for data assets with proper Data Map permissions
  • Request access to data products
  • View data product metadata and descriptions
  • Discover business-curated data across organization

Common use cases

  • Business analysts discovering data products for analytics
  • Data scientists finding training datasets across organization
  • Business users searching for data to meet reporting needs
  • Executives browsing available data assets for decision-making
  • Cross-functional teams discovering data products from other departments
  • New employees understanding organizational data landscape

Best practices

  • Assign broadly to business users who need data discovery
  • This is the "default" reader role for federated governance
  • Users can request access through data product workflows
  • Combine with Data Reader in Data Map for asset-level access
  • Train users on data product search and discovery features
  • Encourage use of natural language search with Security Copilot

Security considerations

  • Only shows published content - draft concepts remain hidden
  • Does not grant access to underlying data assets (needs Data Map permissions)
  • Cannot view domains with Local Catalog Reader restrictions
  • Read-only role with minimal security concerns
  • Can see data product metadata but not sensitive data itself

Common questions

When should I assign the Global Catalog Reader role?

Assign Global Catalog Reader when you need to: Business analysts discovering data products for analytics; Data scientists finding training datasets across organization; Business users searching for data to meet reporting needs; Executives browsing available data assets for decision-making; and Cross-functional teams discovering data products from other departments. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Global Catalog Reader role do?

The Global Catalog Reader role grants permissions including: Search and browse published data products across all domains; View published glossary terms and business concepts; Search Unified Catalog for data assets with proper Data Map permissions; Request access to data products; View data product metadata and descriptions; and Discover business-curated data across organization. See the Permissions section above for the full list.

What are the security risks of the Global Catalog Reader role?

Key considerations when assigning Global Catalog Reader: Only shows published content - draft concepts remain hidden; Does not grant access to underlying data assets (needs Data Map permissions); Cannot view domains with Local Catalog Reader restrictions; and Read-only role with minimal security concerns. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →