@Michael Liveri - Thanks for the question and for using the MS Q&A platform.
Microsoft Purview, formerly known as Azure Purview, is a data governance tool that helps manage data across on-premises, multicloud, and SaaS environments. However, Microsoft Purview only allows one instance per tenant, which may require new patterns for designing enterprise solutions.
Unfortunately, there is no source mechanism for Azure Purview. In most cases, there should only be one Azure Purview account for the entire organization. This approach takes maximum advantage of the “network effects” where the value of the platform increases exponentially as a function of the data that resides inside the platform.
However, there are exceptions to this pattern. Here is an article which identifies common tasks that can help you deploy Azure Purview into higher environments/production: Azure Purview deployment best practices and deployment models
I am wanting to know if you can have a set of Purview roles that can access and manage Prod and Non-prod tenants without creating them in each separate tenant for Purview roles. Basically, using a single set of roles but providing access to prod and non-prod data.
Is that possible?
Microsoft Purview doesn't support multi-tenancy. If you have Azure data sources distributed across multiple Azure subscriptions under different Azure Active Directory tenants, it's recommended to deploy separate Microsoft Purview accounts under each tenant.
However, you can assign Microsoft Purview roles to the following security principals from your Azure Active Directory tenant that is associated with the Azure subscription where your Microsoft Purview instance is hosted:
- Users and guest users (if they're already added into your Azure AD tenant)
- Security groups
- Managed Identities
- Service Principals
So, you can create a security group in your Azure AD tenant and add the users who need access to both prod and non-prod tenants to that group. Then, you can assign the required Microsoft Purview roles to that security group. This way, the same set of roles can be used to provide access to both prod and non-prod data.
Hope this helps. Do let us know if you have any further queries.
If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And, if you have any further query, do let us know.