Admin privileges for the audit and investigation tool

Depending on your Google Workspace edition, you might have access to the security investigation tool, which has more advanced features. For example, super admins can identify, triage, and take action on security and privacy issues. Learn more

Your ability to use the audit and investigation tool depends on your Google edition, your administrative privileges, and the data source. You can run a search in the audit and investigation tool on all users, regardless of their Google Workspace edition.

For example, to use the audit and investigation tool you need to be an administrator with audit and investigation tool privileges. Super administrators have these privileges by default, or you can add them to a custom administrator role.  

Coming soon: Changes to log events privileges 

Soon, administrators will need the Audit and Investigation View privilege instead of the Reports privilege to access log events.

What you need to know about this change

  • Administrators who currently have the Reports privilege will automatically be assigned the Audit and Investigation View, Activity Rules View, and Activity Rules Manage privileges. 
  • If you create a new administrator role for the Reports privilege, you must also assign the Audit and Investigation View, Activity Rules View, and Activity Rules Manage privileges. 
  • If an administrator needs the Reports privilege, but doesn’t need to access log events, wait until after this change to remove the additional privileges. 
  • After this change, roles with only the Reports privilege will no longer be able to access log events.

Administrators with a premium edition

Administrators with a premium edition (for example, Enterprise Plus) will get access to some additional features: 

  • With the Audit and Investigation View privilege administrators can:
    • Create a custom chart based on an investigation (only if Security Dashboard is accessible). Learn more
    • Perform actions on log events. Learn more
  • With the Activity Rules View and Activity Rules Manage privileges, administrators can create activity rules. Learn more

If an administrator doesn’t need these features, a super administrator can remove the privileges from the role.

Create admin role for audit & investigation tool

You can add admin privileges for the audit and investigation tool to an existing custom role or create a new role with only the tool privileges.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Accountand thenAdmin roles.
  3. Choose an option:
    1. To add the privileges to an existing role, point to the custom administrator role and click View privilegesand thenOpen privileges.
    2. To create a new admin role, click Create new role, add a name and description, and click Continue.
  4. In the Services section, next to Security Center, click the Right arrow  to expand the privileges.
  5. Next to This user has full administrative rights for Security Center, click the Right arrow  to expand the privileges.
  6. Next to Audit and investigation, click the Right arrow  to expand the privileges.
  7. Choose an option:
    • To allow the admin to run searches and see returned results, which could contain sensitive content, check the View box.
    • (DLP access only) To allow the admin to view rule-sensitive content, check the View sensitive content box.For details, see Use Workspace DLP to prevent data loss

      Enterprise Standard, Enterprise Plus, or Education Plus only
    • To allow the admin to update content, for example, change the access control list of a document or delete an email, check the Manage box.
    • View sensitive content—View data from Chat messages, Gmail attachments, Chrome and Rules. Chat messages and attachments include those that violate DLP rules (if the View sensitive content setting is ON) or are reported as inappropriate. This privilege can help admins understand any risk that might be associated with the message.
  8. Click Save or Continue.
  9. If prompted, review the privileges and click Create Role.
  10. Assign the role to any users. For the steps, go to Assign roles.

Related topics

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Main menu
3034746030348981325
true
Search Help Center
true
true
true
true
true
73010
false
false