Using this official Purview document, we created a Workflow for self-service data access policy. When a consumer submits a request for Read access to a data asset, it successfully sends the request to the data owner of the asset. The data owner approves the request, and after approval, a policy is successfully auto-generated. But the consumer still does not have Read access to the data asset via Azure Portal or Azure Storage Explorer. According to the following official documentation and a video from the Purview team, the consumer should have Read access to the data asset.
Question: What might we be missing, and how can the issue be resolved?
Remarks: We have verified all the prerequisites described in the above link, as follows:
Ran the short PowerShell script:

```powershell
# Install the Az module
Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force
# Log in to the subscription
Connect-AzAccount -Subscription <SubscriptionID>
# Register the feature
Register-AzProviderFeature -FeatureName AllowPurviewPolicyEnforcement -ProviderNamespace Microsoft.Storage
```

- Data Asset: ADLSGen2 Storage Account [This was created after running the above script]
- Purview Collection: Collection1 (subcollection of root collection)
- Data Owner roles on the storage account: IAM Owner, Storage Blob Data Contributor
- Data Owner roles on Collection1: Data Curator, Data Reader
- Consumer role on Collection1: Reader
- Screenshot of the policy auto-generated after an approval from data owner: