openapi: 3.1.0 info: title: Microsoft Purview Metadata Policies API description: >- APIs for creating and managing data access policies based on metadata attributes. Enables programmatic management of collection-level permissions and role assignments within the Purview data governance framework. version: 2021-07-01-preview contact: name: Microsoft Purview Support url: https://learn.microsoft.com/en-us/purview/ license: name: Microsoft API License url: https://azure.microsoft.com/en-us/support/legal/ servers: - url: https://{accountName}.purview.azure.com/policystore description: Microsoft Purview Metadata Policies API endpoint variables: accountName: description: The name of the Microsoft Purview account default: myaccount security: - oauth2: [] tags: - name: Metadata Policy description: Operations for managing metadata policies - name: Metadata Roles description: Operations for managing metadata roles paths: /metadataPolicies/{policyId}: get: operationId: getMetadataPolicy summary: Microsoft Purview Get a metadata policy description: Gets a metadata policy by its identifier. tags: - Metadata Policy parameters: - name: policyId in: path required: true description: The unique identifier of the metadata policy schema: type: string - name: api-version in: query required: true schema: type: string default: '2021-07-01-preview' responses: '200': description: Metadata policy retrieved successfully content: application/json: schema: $ref: '#/components/schemas/MetadataPolicy' '401': description: Unauthorized '404': description: Policy not found put: operationId: updateMetadataPolicy summary: Microsoft Purview Update a metadata policy description: Updates a metadata policy with the given identifier. tags: - Metadata Policy parameters: - name: policyId in: path required: true description: The unique identifier of the metadata policy schema: type: string - name: api-version in: query required: true schema: type: string default: '2021-07-01-preview' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/MetadataPolicy' responses: '200': description: Metadata policy updated successfully content: application/json: schema: $ref: '#/components/schemas/MetadataPolicy' '400': description: Bad request '401': description: Unauthorized /metadataPolicies: get: operationId: listAllMetadataPolicies summary: Microsoft Purview List all metadata policies description: List or get metadata policies for the Purview account. tags: - Metadata Policy parameters: - name: api-version in: query required: true schema: type: string default: '2021-07-01-preview' - name: collectionName in: query description: Filter by collection name schema: type: string responses: '200': description: Metadata policies listed successfully content: application/json: schema: $ref: '#/components/schemas/MetadataPolicyList' '401': description: Unauthorized /metadataRoles: get: operationId: listMetadataRoles summary: Microsoft Purview List metadata roles description: Lists the metadata roles available in the Purview account. tags: - Metadata Roles parameters: - name: api-version in: query required: true schema: type: string default: '2021-07-01-preview' responses: '200': description: Metadata roles listed successfully content: application/json: schema: $ref: '#/components/schemas/MetadataRoleList' '401': description: Unauthorized components: securitySchemes: oauth2: type: oauth2 description: Azure Active Directory OAuth2 authentication flows: clientCredentials: tokenUrl: https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token scopes: https://purview.azure.net/.default: Access Microsoft Purview schemas: MetadataPolicy: type: object description: A metadata policy for controlling data access properties: id: type: string name: type: string version: type: integer format: int32 properties: type: object properties: description: type: string decisionRules: type: array items: $ref: '#/components/schemas/DecisionRule' attributeRules: type: array items: $ref: '#/components/schemas/AttributeRule' collection: $ref: '#/components/schemas/CollectionReference' parentCollectionName: type: string DecisionRule: type: object properties: kind: type: string enum: [decisionrule] effect: type: string enum: [Permit, Deny] dnfCondition: type: array items: type: array items: $ref: '#/components/schemas/AttributeMatcher' AttributeRule: type: object properties: kind: type: string enum: [attributerule] id: type: string name: type: string dnfCondition: type: array items: type: array items: $ref: '#/components/schemas/AttributeMatcher' AttributeMatcher: type: object properties: attributeName: type: string attributeValueIncludes: type: string attributeValueIncludedIn: type: array items: type: string attributeValueExcludes: type: string attributeValueExcludedIn: type: array items: type: string CollectionReference: type: object properties: referenceName: type: string type: type: string MetadataPolicyList: type: object properties: values: type: array items: $ref: '#/components/schemas/MetadataPolicy' nextLink: type: string MetadataRoleList: type: object properties: values: type: array items: $ref: '#/components/schemas/MetadataRole' nextLink: type: string MetadataRole: type: object properties: id: type: string name: type: string type: type: string properties: type: object properties: provisioningState: type: string roleType: type: string friendlyName: type: string description: type: string cnfCondition: type: array items: type: array items: $ref: '#/components/schemas/AttributeMatcher'