Notification

Duet AI is now Gemini for Google Workspace. Learn more

Admin privileges for the audit and investigation tool

To use the audit and investigation tool you need to be an administrator with audit and investigation tool privileges. Super administrators have these privileges by default, or you can add them to a custom administrator role.  

 

Your access to the audit and investigation tool

  • Your ability to run a search in the audit and investigation tool depends on your Google edition, your administrative privileges, and the data source. You can run a search in the audit & investigation tool on all users, regardless of their Google Workspace edition.
  • If you have a premium Google Workspace edition (Enterprise Plus, Enterprise Standard, or Education Plus), you have access to the security investigation tool, which provides more advanced features. For example, super admins can identify, triage, and take action on security and privacy issues. For details, go to About the security investigation tool.

 

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Accountand thenAdmin roles.
  3. Point to a custom administrator role.

    Tip: If you need to create a new admin role, see Create a custom role.

  4. Click View privileges.
  5. Click Open privileges.
  6. In the Services section, click the Security Center privileges to expand them.
  7. Click to expand the This user has full administrative rights for Security Center privilege.
  8. Click to expand Audit & investigation.
  9. Check the individual boxes for Audit & investigation privileges. You can add specific privileges for access to different types of data (for example, Gmail, Drive, Device, User, and Rule):
    • View—Run queries and see the results that are returned from the query in the investigation tool. The results could contain sensitive content.
    • View sensitive content—View rule sensitive content with this privilege if you have DLP access. For details, see Use Workspace DLP to prevent data loss

      These privileges are functional if you have a premium Google Workspace edition (Enterprise Plus, Enterprise Standard, or Education Plus)
    • Manage—Update content. For example, change the access control list (ACL) of a document or delete an email.
    • View sensitive content—View data from Chat messages, Gmail attachments, Chrome and Rules. Chat messages and attachments include those that violate DLP rules (if the View sensitive content setting is ON) or are reported as inappropriate. This privilege can help admins understand any risk that might be associated with the message. 
  10. Click Save.

For more information about admin privileges, see Admin privileges for the security center.

Related topics

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
Contact us Tell us more and we’ll help you get there
true
Start your free 14-day trial today

Professional email, online storage, shared calendars, video meetings and more. Start your free Google Workspace trial today.

Search
Clear search
Close search
Main menu
14276015802183807456
true
Search Help Center
true
true
true
true
true
73010
false
false