Microsoft Purview

Microsoft Purview Metadata Policies API

APIs for creating and managing data access policies based on metadata attributes. Enables programmatic management of collection-level permissions and role assignments.

GitHub OpenAPI

Documentation

📖
Documentation
https://learn.microsoft.com/en-us/rest/api/purview/metadatapolicies
📖
Authentication
https://learn.microsoft.com/en-us/purview/tutorial-using-rest-apis
📖
GettingStarted
https://learn.microsoft.com/en-us/purview/legacy/tutorial-metadata-policy-collections-apis

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/microsoft-purview/refs/heads/main/openapi/microsoft-purview-metadata-policies-openapi.yml

Other Resources

🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/microsoft-purview/refs/heads/main/capabilities/metadata-policies-metadata-policy.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/microsoft-purview/refs/heads/main/capabilities/metadata-policies-metadata-roles.yaml

OpenAPI Specification

microsoft-purview-metadata-policies-openapi.yml Raw ↑ 
openapi: 3.1.0
info:
  title: Microsoft Purview Metadata Policies API
  description: >-
    APIs for creating and managing data access policies based on metadata
    attributes. Enables programmatic management of collection-level permissions
    and role assignments within the Purview data governance framework.
  version: 2021-07-01-preview
  contact:
    name: Microsoft Purview Support
    url: https://learn.microsoft.com/en-us/purview/
  license:
    name: Microsoft API License
    url: https://azure.microsoft.com/en-us/support/legal/
servers:
  - url: https://{accountName}.purview.azure.com/policystore
    description: Microsoft Purview Metadata Policies API endpoint
    variables:
      accountName:
        description: The name of the Microsoft Purview account
        default: myaccount
security:
  - oauth2: []
tags:
  - name: Metadata Policy
    description: Operations for managing metadata policies
  - name: Metadata Roles
    description: Operations for managing metadata roles
paths:
  /metadataPolicies/{policyId}:
    get:
      operationId: getMetadataPolicy
      summary: Microsoft Purview Get a metadata policy
      description: Gets a metadata policy by its identifier.
      tags:
        - Metadata Policy
      parameters:
        - name: policyId
          in: path
          required: true
          description: The unique identifier of the metadata policy
          schema:
            type: string
        - name: api-version
          in: query
          required: true
          schema:
            type: string
            default: '2021-07-01-preview'
      responses:
        '200':
          description: Metadata policy retrieved successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MetadataPolicy'
        '401':
          description: Unauthorized
        '404':
          description: Policy not found
    put:
      operationId: updateMetadataPolicy
      summary: Microsoft Purview Update a metadata policy
      description: Updates a metadata policy with the given identifier.
      tags:
        - Metadata Policy
      parameters:
        - name: policyId
          in: path
          required: true
          description: The unique identifier of the metadata policy
          schema:
            type: string
        - name: api-version
          in: query
          required: true
          schema:
            type: string
            default: '2021-07-01-preview'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MetadataPolicy'
      responses:
        '200':
          description: Metadata policy updated successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MetadataPolicy'
        '400':
          description: Bad request
        '401':
          description: Unauthorized
  /metadataPolicies:
    get:
      operationId: listAllMetadataPolicies
      summary: Microsoft Purview List all metadata policies
      description: List or get metadata policies for the Purview account.
      tags:
        - Metadata Policy
      parameters:
        - name: api-version
          in: query
          required: true
          schema:
            type: string
            default: '2021-07-01-preview'
        - name: collectionName
          in: query
          description: Filter by collection name
          schema:
            type: string
      responses:
        '200':
          description: Metadata policies listed successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MetadataPolicyList'
        '401':
          description: Unauthorized
  /metadataRoles:
    get:
      operationId: listMetadataRoles
      summary: Microsoft Purview List metadata roles
      description: Lists the metadata roles available in the Purview account.
      tags:
        - Metadata Roles
      parameters:
        - name: api-version
          in: query
          required: true
          schema:
            type: string
            default: '2021-07-01-preview'
      responses:
        '200':
          description: Metadata roles listed successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MetadataRoleList'
        '401':
          description: Unauthorized
components:
  securitySchemes:
    oauth2:
      type: oauth2
      description: Azure Active Directory OAuth2 authentication
      flows:
        clientCredentials:
          tokenUrl: https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
          scopes:
            https://purview.azure.net/.default: Access Microsoft Purview
  schemas:
    MetadataPolicy:
      type: object
      description: A metadata policy for controlling data access
      properties:
        id:
          type: string
        name:
          type: string
        version:
          type: integer
          format: int32
        properties:
          type: object
          properties:
            description:
              type: string
            decisionRules:
              type: array
              items:
                $ref: '#/components/schemas/DecisionRule'
            attributeRules:
              type: array
              items:
                $ref: '#/components/schemas/AttributeRule'
            collection:
              $ref: '#/components/schemas/CollectionReference'
            parentCollectionName:
              type: string
    DecisionRule:
      type: object
      properties:
        kind:
          type: string
          enum: [decisionrule]
        effect:
          type: string
          enum: [Permit, Deny]
        dnfCondition:
          type: array
          items:
            type: array
            items:
              $ref: '#/components/schemas/AttributeMatcher'
    AttributeRule:
      type: object
      properties:
        kind:
          type: string
          enum: [attributerule]
        id:
          type: string
        name:
          type: string
        dnfCondition:
          type: array
          items:
            type: array
            items:
              $ref: '#/components/schemas/AttributeMatcher'
    AttributeMatcher:
      type: object
      properties:
        attributeName:
          type: string
        attributeValueIncludes:
          type: string
        attributeValueIncludedIn:
          type: array
          items:
            type: string
        attributeValueExcludes:
          type: string
        attributeValueExcludedIn:
          type: array
          items:
            type: string
    CollectionReference:
      type: object
      properties:
        referenceName:
          type: string
        type:
          type: string
    MetadataPolicyList:
      type: object
      properties:
        values:
          type: array
          items:
            $ref: '#/components/schemas/MetadataPolicy'
        nextLink:
          type: string
    MetadataRoleList:
      type: object
      properties:
        values:
          type: array
          items:
            $ref: '#/components/schemas/MetadataRole'
        nextLink:
          type: string
    MetadataRole:
      type: object
      properties:
        id:
          type: string
        name:
          type: string
        type:
          type: string
        properties:
          type: object
          properties:
            provisioningState:
              type: string
            roleType:
              type: string
            friendlyName:
              type: string
            description:
              type: string
            cnfCondition:
              type: array
              items:
                type: array
                items:
                  $ref: '#/components/schemas/AttributeMatcher'