Azure data catalog allows any user to register objects

Question

Azure Data Catalog allows any users to register objects unless stated they can't

We have found that users which are on our Active Directory but have not been added to the catalog security in anyway can see and successfully use the 'Publish' button to register their own objects to the catalog.

To remove this permission you appear to have to add them to the 'Catalog Users' in 'Settings' and then uncheck 'Register'. This then prevents them registering objects as well as the ability to see the 'Publish' button in the catalog.

Am I correct in saying this is the way to prevent any user in the AD from registering objects? Seems like a strange way round for security to be if you aren't added to the catalog you can register but if you are added and permission removed you can't.

Answer 1

The default behavior of the catalog is to allow any user to register any data source, and to allow any user to delete any data asset that has been registered.

The management capabilities included in the Standard Edition of Azure Data Catalog provide additional options for taking ownership of assets, restricting who can discover assets, and restricting who can delete assets.

For more details, refer "Register data assets in Azure Data Catalog".

Hope this helps.