The file owner's permissions are greater than Purview's tag permissions

Question

The scenario that the boss wants is that the purview tag is the largest. Even the owner of the file cannot change the tag at will. However, after testing, as long as the owner of the file can change the tag, is there any supporting measures or explanation, because I can't find any official documents to convince the boss

Answer 1

HI @Jiang, Howard 江皓瑞

Microsoft Purview Data Map classification tags (such as custom tags assigned during scans) do not enforce restrictions on user actions, including those of file owners. These tags are metadata used for governance, discovery, and classification purposes they do not override native file permissions or prevent changes made by users who have access.

As a result, file owners with write permissions can change or remove tags, and this is the expected behavior.

If your organization’s requirement is to ensure classification cannot be changed by end users (even owners), Microsoft recommends using Sensitivity Labels with enforcement policies, published via Microsoft Purview Information Protection. These can include:

• Preventing users from changing or removing labels
• Requiring justification for changes
• Automatically applying encryption or access restrictions

At present, there is no feature in Microsoft Purview Data Map to restrict classification tag modification based on user roles or ownership. To meet compliance or data protection goals, sensitivity labels with enforcement policies are the supported approach.

For more details refer: https://learn.microsoft.com/en-us/purview/sensitivity-labels

Appreciate if you could share the feedback on our feedback channel. Which would be open for the user community to upvote & comment on. This allows our product teams to effectively prioritize your request against our existing feature backlog and gives insight into the potential impact of implementing the suggested feature.