Can Azure accounts with different roles like Reader, Contributor within the same subscription share the same Microsoft Purview account?

Question

If 2 Azure accounts with different Roles like Reader and Contributor have the same organization subscription, can they share and use the same Microsoft Purview account via some sort of credentials or keys or invitation link or anything?

Answer 1

Hello @Nguyen Chinh Dat - TT DLPT

Microsoft Purview uses Azure role-based access control (RBAC) to manage access to resources. To access the Microsoft Purview account, users will need to authenticate with Azure AD and be assigned the appropriate roles in the Microsoft Purview account.

To invite users to the Microsoft Purview account, you can use Azure AD B2B collaboration to invite external users to your organization's Azure AD tenant. Once the external users have accepted the invitation and signed in to Azure AD, you can assign them roles in the Microsoft Purview account.

Alternatively, you can use service principals to authenticate and authorize applications and services to access the Microsoft Purview account. Service principals are like non-human users that can be assigned roles and permissions in Azure AD and used to authenticate and authorize applications and services.

In summary, users can share and use the same Microsoft Purview account if they have access to the same organization subscription and are assigned the appropriate roles and permissions in Azure AD and the Microsoft Purview account.

It's important to note that Collection Admins have full control over the Microsoft Purview account and all its assets, so you should be careful when assigning this role. You should also follow the principle of least privilege and only grant users the permissions they need to perform their tasks.

More reading on Microsoft Purview Roles: https://learn.microsoft.com/en-us/purview/catalog-permissions#roles

Please do let me know if this is helpful with initial query and can we close this case?