Here are some frequently asked questions for Microsoft Purview Data Sharing.
Yes, Microsoft Purview Data Sharing will be retired in September 2025. To share data, use Microsoft Fabric external data sharing.
No, data sharing is accessed through the classic Microsoft Purview governance portal: https://web.purview.azure.com
Yes, you can use the REST API or the .NET SDK to share data programmatically.
We have a guide for getting started with the .NET SDK.
Operations | Roles and Permissions |
---|---|
Data provider: create share, add asset and recipients, revoke access | Microsoft Purview collection role: minimum of Data Reader to use the Microsoft Purview compliance portal experience, none to use API or SDK |
 | Storage account role checked when adding and updating asset: Owner or Storage Blob Data Owner |
 | Storage account permissions checked when adding and updating asset: Microsoft.Authorization/roleAssignments/write OR Microsoft.Storage/storageAccounts/blobServices/containers/blobs/modifyPermissions/ |
Data consumer: Receive share, attach share, delete share | Microsoft Purview collection role: minimum of Data Reader to use the Microsoft Purview compliance portal experience, none to use API or SDK |
 | Storage account role checked when attaching share: Contributor OR Owner OR Storage Blob Data Contributor OR Storage Blob Data Owner |
 | Storage account permissions checked when attaching share: Microsoft.Storage/storageAccounts/write OR Microsoft.Storage/storageAccounts/blobServices/containers/write |
Data consumer: Access shared data | No share-specific role required. You can access shared data with regular storage account permission just like any other data. Data consumer's ability to apply ACLs for shared data is currently not supported. |
When adding assets, you can select the container(s) that you would like to share.
Cross-region in-place data sharing isn't currently supported for storage accounts. The data provider's and data consumer's storage accounts need to be in the same Azure region.
Storage in-place sharing supports read-only shares. The data consumer can't write to the shared data.
To share data back to the data provider, the data consumer can create a share and share with the data provider.
You can access shared data from storage clients like Azure Synapse Analytics Spark and Databricks. You won't be able to access shared data using Azure Data Factory, Power BI, or AzCopy.
Through the UI, you can share data using the recipient's Azure sign-in email, or using a service principal's object ID and tenant ID.
Through the API and SDK, you can also send an invitation to the object ID of a user principal or service principal. You can also optionally specify a tenant ID that you want the share to be received into.
When the recipient attaches the share to a target storage account, any user or application that has access to the target storage account will be able to access shared data.
Once the received share is accepted and attached to a target storage account, any users with appropriate permissions to the target storage account can continue to access the shared data even after the recipient has left the organization.
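Because access to shared data follows access to the target storage account, it helps to review which principals hold role assignments that apply to that account. The following sketch is an added example, not part of the original FAQ or Microsoft tooling: it evaluates role assignments against the role names in the table above, including assignments inherited from the resource group or subscription. It assumes input shaped like the JSON from `az role assignment list` (fields `principalName`, `roleDefinitionName`, `scope`); the subscription ID, names, and sample data are constructed, and custom roles that carry the listed permissions are not detected.

```python
import json

# Role names copied from the permissions table above.
PROVIDER_ROLES = {"Owner", "Storage Blob Data Owner"}
ATTACH_ROLES = {"Contributor", "Owner",
                "Storage Blob Data Contributor", "Storage Blob Data Owner"}

# Constructed sample data with placeholder IDs and names.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-analytics-prod"
TARGET = RG + "/providers/Microsoft.Storage/storageAccounts/targetacct"
SAMPLE = json.dumps([
    {"principalName": "alice@example.com",
     "roleDefinitionName": "Storage Blob Data Owner", "scope": TARGET},
    # Resource IDs are case-insensitive; this one differs only in case.
    {"principalName": "etl-app", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/RG-Analytics-Prod"},
    {"principalName": "bob@example.com",
     "roleDefinitionName": "Storage Blob Data Reader", "scope": SUB},
    # Different resource group whose name is a prefix of the real one.
    {"principalName": "carol@example.com", "roleDefinitionName": "Owner",
     "scope": SUB + "/resourceGroups/rg-analytics"},
])

def applies_to(scope, resource_id):
    """True if an assignment at `scope` is inherited by `resource_id`."""
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    # Match whole path segments so "rg-analytics" != "rg-analytics-prod".
    return r == s or r.startswith(s + "/")

def audit(assignments_json, account_id):
    """Group principals whose assignments apply to the storage account.

    Assignments scoped below the account (single containers) are skipped.
    """
    report = {"passes_provider_role_check": set(),
              "passes_attach_role_check": set(),
              "any_role_on_account": set()}
    for a in json.loads(assignments_json):
        if not applies_to(a["scope"], account_id):
            continue
        who, role = a["principalName"], a["roleDefinitionName"]
        report["any_role_on_account"].add(who)
        if role in PROVIDER_ROLES:
            report["passes_provider_role_check"].add(who)
        if role in ATTACH_ROLES:
            report["passes_attach_role_check"].add(who)
    return {k: sorted(v) for k, v in report.items()}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE, TARGET), indent=2))
```

Review the `any_role_on_account` list whenever a share is attached or a recipient leaves the organization, since those principals keep their access to the account independently of the recipient.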
Once the received share is accepted, any user with data reader permission to the Microsoft Purview collection that the share is received into can view and update the received share.
A data provider's source storage account can support up to 20 targets, and a data consumer's target storage account can support up to 100 sources. To request a limit increase, contact support.
To troubleshoot issues with sharing data, refer to the troubleshooting section of the how to share data article. To troubleshoot issues with receiving a share, refer to the troubleshooting section of the how to receive share article.
Private endpoints, VNET, and IP restrictions are supported for data share for storage. Blob should be chosen as the target subresource when creating a private endpoint for storage accounts.