Microsoft Purview · Unified Catalog Governance

Governance Domain Creator

Create governance domains and delegate governance domain owner role (or remain owner by default).

Scope: Ability to create governance domains at catalog level

Permissions

  • Create new governance domains in Unified Catalog
  • Delegate Governance Domain Owner role to domain experts
  • Remain as Governance Domain Owner by default if not delegated
  • Define domain scope and boundaries
  • Set up initial domain structure and hierarchy

Common use cases

  • Business unit leaders creating domains for their areas (Sales, Marketing, Finance)
  • Data platform teams establishing technical domains (Customer Data, Product Data)
  • Setting up federated governance structure aligned to organizational structure
  • Creating domains for regulatory or compliance boundaries (GDPR, HIPAA data)
  • Establishing data mesh architecture with domain-oriented governance

Best practices

  • Plan domain structure before creation - align to business units or data domains
  • Delegate Governance Domain Owner to subject matter expert, not yourself
  • Create domains that reflect organizational accountability structure
  • Document domain purpose, scope, and ownership clearly
  • Start with 5-10 high-level domains, not hundreds of micro-domains
  • Consider regulatory and compliance boundaries when defining domains
  • Coordinate with Data Map collections for technical alignment

Security considerations

  • Domain structure affects organizational access patterns
  • Poor domain design can create governance silos or gaps
  • Should delegate ownership rather than retaining as creator
  • Document domain creation decisions for audit purposes

Common questions

When should I assign the Governance Domain Creator role?

Assign Governance Domain Creator when you need to: Business unit leaders creating domains for their areas (Sales, Marketing, Finance); Data platform teams establishing technical domains (Customer Data, Product Data); Setting up federated governance structure aligned to organizational structure; Creating domains for regulatory or compliance boundaries (GDPR, HIPAA data); and Establishing data mesh architecture with domain-oriented governance. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Governance Domain Creator role do?

The Governance Domain Creator role grants permissions including: Create new governance domains in Unified Catalog; Delegate Governance Domain Owner role to domain experts; Remain as Governance Domain Owner by default if not delegated; Define domain scope and boundaries; and Set up initial domain structure and hierarchy. See the Permissions section above for the full list.

What are the security risks of the Governance Domain Creator role?

Key considerations when assigning Governance Domain Creator: Domain structure affects organizational access patterns; Poor domain design can create governance silos or gaps; Should delegate ownership rather than retaining as creator; and Document domain creation decisions for audit purposes. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →