Unable to retrieve metaDataPolicy from Purview Policy Store after giving Collection Admin role through Add-AzPurviewAccountRootCollectionAdmin

Kartik Rana 21 Reputation points
2021-12-09T22:52:39.987+00:00

I came across this error while I was trying to update the metadata policy of my root collection in Purview. I created a service principal and gave it the Purview Root Collection Admin role through Add-AzPurviewAccountRootCollectionAdmin, and it does reflect in my Purview account, but I am still getting an unauthorized error.
[Screenshots: My SP; Giving access; Reflects in Purview; Generating token; Unauthorized error]

I tried waiting for 5-10 minutes and generated a new token; I still got the unauthorized error. After that I revoked the Collection Admin role from my service principal and manually gave it the role again, through the Purview portal this time. After manually giving the role and generating a new access token, I was able to retrieve the metadata policy of my account.
[Screenshots: Revoking role; Re-granting the role through Purview portal; Able to retrieve the policy through "GET" method]
Why am I not able to retrieve the metadata policy when I give the Collection Admin role through PowerShell? Is there anyone who is able to reproduce the bug?

Note: I do not think this is a transient issue, as I have tried this many times and still get the same result.


1 answer

  1. PRADEEPCHEEKATLA-MSFT 73,651 Reputation points Microsoft Employee
    2021-12-10T08:34:21.09+00:00

    Hello @Kartik Rana,

    Thanks for using MS Q&A platform.

    This is expected behaviour (you will not retrieve the metaDataPolicy from the Purview Policy Store after giving the Collection Admin role) when you are adding it through Add-AzPurviewAccountRootCollectionAdmin.

    You may check out my previous answer "azure purview access permission", which addresses how to grant access to the Azure Purview account.

    You may use the Purview-API-PowerShell to retrieve the metaDataPolicy from Purview Policy Store.

    Full documentation, usage, samples and example commands: https://github.com/Azure/Azure-Purview-API-PowerShell

    For more details, refer to Tutorial: Use REST APIs to manage role-based access control on Azure Purview collections.

    Hope this will help. Please let us know if you have any further queries.

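One way to check a role grant like the one discussed in this thread, once some principal can read the metadata policy: decode the service principal's access token and see whether its `oid` claim appears in the policy's collection-administrator rule. This is an added example, not code from the thread or from Microsoft; the policy layout (`attributeRules`, `dnfCondition`, `principal.microsoft.id`) and the `https://purview.azure.net` audience are assumptions based on the REST tutorial the answer refers to, and the token and policy are constructed samples.

```python
import base64
import json

# Assumed rule-id prefix, followed by the collection name.
ADMIN_RULE_PREFIX = "purviewmetadatarole_builtin_collection-administrator:"

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnosis only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def collection_admins(policy):
    """Return the principal IDs listed in the collection-administrator rule."""
    ids = set()
    for rule in policy["properties"]["attributeRules"]:
        if not rule["id"].startswith(ADMIN_RULE_PREFIX):
            continue
        for conjunction in rule["dnfCondition"]:
            for cond in conjunction:
                if cond.get("attributeName") == "principal.microsoft.id":
                    ids.update(cond.get("attributeValueIncludedIn", []))
    return ids

def diagnose(token, policy, expected_audience="https://purview.azure.net"):
    # Compare what the token asserts with what the policy actually grants.
    claims = jwt_claims(token)
    return {
        "oid": claims.get("oid"),
        "audience_ok": str(claims.get("aud", "")).rstrip("/") == expected_audience,
        "is_collection_admin": claims.get("oid") in collection_admins(policy),
    }

def b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample_token(claims):
    """Build an unsigned token for the demo; real tokens come from Azure AD."""
    return f"{b64url({'alg': 'none'})}.{b64url(claims)}."

# Constructed sample data: hypothetical object ID and collection name.
SAMPLE_OID = "11111111-1111-1111-1111-111111111111"
SAMPLE_POLICY = {"properties": {"attributeRules": [{
    "id": ADMIN_RULE_PREFIX + "contoso-root",
    "dnfCondition": [[{"attributeName": "principal.microsoft.id",
                       "attributeValueIncludedIn": [SAMPLE_OID]}]],
}]}}
SAMPLE_TOKEN = make_sample_token({"aud": "https://purview.azure.net", "oid": SAMPLE_OID})

if __name__ == "__main__":
    print(diagnose(SAMPLE_TOKEN, SAMPLE_POLICY))
```

A result with `is_collection_admin` false means the object ID the token carries is not among the principals the policy lists for that role; `audience_ok` false means the token was issued for a different resource.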