Admin privileges for the security investigation tool

Supported editions for this feature: Frontline Standard, Enterprise Standard, Enterprise Plus, Education Standard, Education Plus, Enterprise Essentials Plus, Cloud Identity Premium. Compare your edition

To use the security investigation tool, you need to be an administrator with security investigation tool privileges. Super administrators have these privileges by default, or you can add them to a custom administrator role. 

Important: To provide more granular access permissions, the Audit and Investigation View privilege will soon be required to access log event data. Existing administrator roles with the Reports privilege will automatically be assigned the Audit and Investigation View, Activity View, and Activity Manage privileges. These privileges must be explicitly assigned for new administrator roles. If you need the Reports privilege, but not Audit and Investigation View, wait until after the change to remove the privilege. After this change, roles with only the Reports privilege will no longer be able to access log event data.

Create admin role for security investigation tool

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Accountand thenAdmin roles.
  3. Choose an option:
    • To add the privileges to an existing role, point to the custom administrator role and click View privilegesand thenOpen privileges.
    • To create a new admin role, click Create new role, add a name and description, and click Continue.
  4. In the Services section, next to Security Center, click the Right arrow  to expand the privileges.
  5. Next to This user has full administrative rights for Security Center, click the Right arrow  to expand the privileges.
  6. (Optional) To give the admin access to all Security Center features, including the security investigation tool, check the This user has full administrative rights for Security Center box and go to Step 11.
  7. Next to Audit and investigation, click the Right arrow  to expand the privileges.
  8. Choose an option:
    • To allow the admin to run searches and see returned results, which could contain sensitive content, check the View box.
    • To allow the admin to update content, for example, change the access control list of a document or delete an email, check the Manage box.
    • To allow admins to view complete messages and attachments, including those that violate DLP rules (if the View sensitive content setting is ON) or are reported as inappropriate, check the View sensitive content box. 
  9. Click Save or Continue.
  10. If prompted, review the privileges and click Create Role.
  11. Assign the role to any users. For the steps, go to Assign roles.

Related topic

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu