Microsoft Purview · Unified Catalog Governance

Governance Domain Owner

Delegate all governance domain permissions, configure data quality alerts, set schedules, and manage access policies.

Scope: Full administrative access within assigned governance domain

Permissions

  • Delegate all governance domain roles (Data Product Owner, Data Steward, etc.)
  • Configure domain-level data quality scan alerts
  • Set up domain-level schedule for data quality scanning jobs
  • Set domain-level access policies
  • Manage domain settings and configuration
  • Oversee all data products and assets within domain
  • Full administrative control within assigned domain

Common use cases

  • VP of Sales owning Sales data governance domain
  • Finance Director managing Finance domain
  • Chief Marketing Officer overseeing Marketing domain
  • Product leadership governing Product domain
  • Domain architects managing data mesh domains
  • Establishing federated governance with clear ownership

Best practices

  • Assign to business leaders accountable for domain data
  • Should delegate day-to-day work to Data Product Owners and Stewards
  • At least 2 domain owners per domain for coverage
  • Regular review of domain health and quality metrics
  • Set clear data quality standards and SLAs for domain
  • Coordinate with Data Map domain administrators
  • Establish approval workflows for data product publication
  • Document domain governance policies and standards

Security considerations

  • Full control within domain - highest domain-level privilege
  • Can delegate sensitive roles to others
  • Should not be IT-only role - needs business accountability
  • Domain owners define access policies affecting data access
  • Assign to senior business leaders with proven judgment

Common questions

When should I assign the Governance Domain Owner role?

Assign Governance Domain Owner when you need to: VP of Sales owning Sales data governance domain; Finance Director managing Finance domain; Chief Marketing Officer overseeing Marketing domain; Product leadership governing Product domain; and Domain architects managing data mesh domains. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Governance Domain Owner role do?

The Governance Domain Owner role grants permissions including: Delegate all governance domain roles (Data Product Owner, Data Steward, etc.); Configure domain-level data quality scan alerts; Set up domain-level schedule for data quality scanning jobs; Set domain-level access policies; Manage domain settings and configuration; and Oversee all data products and assets within domain. See the Permissions section above for the full list.

What are the security risks of the Governance Domain Owner role?

Key considerations when assigning Governance Domain Owner: Full control within domain - highest domain-level privilege; Can delegate sensitive roles to others; Should not be IT-only role - needs business accountability; and Domain owners define access policies affecting data access. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →