Share via

Issue while executing REST API for Azure Purview

Khushboo 1 Reputation point
2022-05-24T05:23:41.463+00:00

Hi,

We have our Azure Purview Account deployed on Azure portal.
To execute REST API we are using Postman. Here we first generate our token and then using that token we try to execute the API. Each time we are executing the API we are getting the below error message - {"error":{"code":"Unauthorized","message":"Not authorized to access account"}} (403 Forbidden).
We tried giving permissions but not very sure what are the necessary permissions to be granted to be able to extract data or push data to Purview using API.

Can you please help us on an urgent basis? This is for a customer demo.

Thanks.

Regards,
Khushboo Mehta

Microsoft Security | Microsoft Purview

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. KranthiPakala-MSFT 46,737 Reputation points Microsoft Employee Moderator
    2022-05-25T00:34:53.553+00:00

    Hello @Khushboo ,

    Thanks for the question and using MS Q&A platform.

    For accounts created on or after 8/18, we need to assign the service principal Purview Data Curator role at collection level and not in Azure Portal for these APIs to work. For more information, please refer to this doc: Create and manage collections in Microsoft Purview

    You will have to assign the following roles to the service principal to access various data planes in Microsoft Purview.

    • Data Curator role to access Catalog Data plane.
    • Data Source Administrator role to access Scanning Data plane.
    • Collection Admin role to access Account Data Plane and Metadata policy Data Plane.

    NOTE: Please note that only members of the Collection Admin role can assign data plane roles in Microsoft Purview.

    To explore about the Access control in the Microsoft Purview Data Map please refer to this doc: Microsoft Purview - Who should be assigned to what role?

    205283-image.png

    205274-image.png

    205207-image.png

    Below is an important note from product team when you use existing service principals for calling Azure Purview REST APIs

    205266-image.png

    I would also recommend going through this helpful doc for using Purview REST APIs: Tutorial: Use the REST APIs

    Hope this will help. Please let us know if any further queries.

    ------------------------------

    • Please don't forget to click on 130616-image.png or upvote 130671-image.png button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
    • Want a reminder to come back and check responses? Here is how to subscribe to a notification
    • If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators
    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.