You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-office-365/scc-permissions.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -70,8 +70,8 @@ Managing permissions in Defender for Office 365 or Microsoft Purview gives users
70
70
|**Compliance Manager Assessors**|Create assessments, implement improvement actions, and update test status for improvement actions.|Compliance Manager Assessment <br/><br/> Compliance Manager Contribution <br/><br/> Compliance Manager Reader <br/><br/> Data Connector Admin|
71
71
|**Compliance Manager Contributors**|Create assessments and perform work to implement improvement actions.|Compliance Manager Contribution <br/><br/> Compliance Manager Reader <br/><br/> Data Connector Admin|
72
72
|**Compliance Manager Readers**|View all Compliance Manager content except for administrator functions.|Compliance Manager Reader|
73
-
|**Content Explorer Content Viewer**|View the contents files in Content explorer.|Data Classification Content Viewer|
74
-
|**Content Explorer List Viewer**|View all items in Content explorer in list format only.|Data Classification List Viewer|
73
+
|**Content Explorer Content Viewer**|View the contents of files in content explorer, and the prompts and response in Data Security Posture Management for AI.|Data Classification Content Viewer|
74
+
|**Content Explorer List Viewer**|View all items in content explorer in list format only.|Data Classification List Viewer|
75
75
|**Data Catalog Curators**|Perform create, read, modify, and delete actions on catalog data objects and establish relationships between objects.|Data Map Reader <br/><br/> Data Map Writer|
76
76
|**Data Estate Insights Admins**|Provides admin access to all insights reports across platforms and providers.|Data Map Reader <br/><br/> Insights Reader <br/><br/> Insights Writer|
77
77
|**Data Estate Insights Readers**|Provides read-only access to all insights reports across platforms and providers.|Data Map Reader <br/><br/> Insights Reader|
@@ -108,7 +108,7 @@ Managing permissions in Defender for Office 365 or Microsoft Purview gives users
108
108
|**Purview Administrators**|Create, edit, and delete domains and perform role assignments.|Admin Unit Extension Manager <br/><br/> Purview Domain Manager <br/><br/> Role Management|
109
109
|**Quarantine Administrator**|Members can access all Quarantine actions. For more information, see [Manage quarantined messages and files as an admin in EOP](quarantine-admin-manage-messages-files.md)|Quarantine|
110
110
|**Records Management**|Members can configure all aspects of records management, including retention labels and disposition reviews.|Disposition Management <br/><br/> RecordManagement <br/><br/> Retention Management <br/><br/> Scope Manager|
111
-
|**Reviewer**|Members can access review sets in [eDiscovery (Premium)](/purview/ediscovery-overview) cases. Members of this role group can see and open the list of cases on the **eDiscovery \> Advanced** page in the Microsoft Purview compliance portal that they're members of. After the user accesses an eDiscovery (Premium) case, they can select **Review sets** to access case data. This role doesn't allow the user to preview the results of a collection search that's associated with the case or do other search or case management tasks. Members of this role group can only access the data in a review set.|Review|
111
+
|**Reviewer**|Members can access review sets in [eDiscovery (Premium)](/purview/ediscovery-overview) cases. Members of this role group can see and open the list of cases on the **eDiscovery > Advanced** page in the Microsoft Purview compliance portal that they're members of. After the user accesses an eDiscovery (Premium) case, they can select **Review sets** to access case data. This role doesn't allow the user to preview the results of a collection search that's associated with the case or do other search or case management tasks. Members of this role group can only access the data in a review set.|Review|
112
112
|**Security Administrator**|Members have access to many security features of Identity Protection Center, Privileged Identity Management, Monitor Microsoft 365 Service Health, and the Defender and compliance portals. <br/><br/> By default, this role group may not appear to have any members. However, the Security Administrator role from Microsoft Entra ID is assigned to this role group. Therefore, this role group inherits the capabilities and membership of the Security Administrator role from Microsoft Entra ID. <br/><br/> To manage permissions centrally, add and remove group members in the Microsoft Entra admin center. For more information, see [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference). If you edit this role group in these portals (membership or roles), those changes apply only to the security and compliance areas and not to any other services. <br/><br/> This role group includes all of the read-only permissions of the Security reader role, plus many additional administrative permissions for the same services: Azure Information Protection, Identity Protection Center, Privileged Identity Management, Monitor Microsoft 365 Service Health, and the Defender and compliance portals.|Audit Logs <br/><br/> Compliance Manager Administration <br/><br/> Device Management <br/><br/> DLP Compliance Management <br/><br/> IB Compliance Management <br/><br/> Manage Alerts <br/><br/> Quarantine <br/><br/> Security Administrator <br/><br/> Sensitivity Label Administrator <br/><br/> Tag Contributor <br/><br/> Tag Manager <br/><br/> Tag Reader <br/><br/> View-Only Audit Logs <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts|
113
113
|**Security Operator**|Members can manage security alerts, and also view reports and settings of security features.|Compliance Search <br/><br/> Manage Alerts <br/><br/> Security Reader <br/><br/> Tag Contributor <br/><br/> Tag Reader <br/><br/> Tenant AllowBlockList Manager <br/><br/> View-Only Audit Logs <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts|
114
114
|**Security Reader**|Members have read-only access to many security features of Identity Protection Center, Privileged Identity Management, Monitor Microsoft 365 Service Health, and the Defender and compliance portals. <br/><br/> By default, this role group may not appear to have any members. However, the Security Reader role from Microsoft Entra ID is assigned to this role group. Therefore, this role group inherits the capabilities and membership of the Security Reader role from Microsoft Entra ID. <br/><br/> To manage permissions centrally, add and remove group members in the Microsoft Entra admin center. For more information, see [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference). If you edit this role group in the portals (membership or roles), those changes apply only to security and compliance areas and not to any other services.|Compliance Manager Reader <br/><br/> Security Reader <br/><br/> Sensitivity Label Reader <br/><br/> Tag Reader <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts|
0 commit comments