Admin privileges for the investigation tool

To use the investigation tool you need to be an administrator with investigation tool privileges. Super administrators have these privileges by default, or you can add them to a custom administrator role.  

Your access to the security investigation tool

  • Supported editions for the security investigation tool include Enterprise Plus, Education Standard, Education Plus, and Enterprise Essentials Plus.
  • Admins with Cloud Identity Premium, Frontline Standard, Enterprise Standard, and Education Standard can also use the investigation tool for a subset of data sources.
  • Your ability to run a search in the investigation tool depends on your Google edition, your administrative privileges, and the data source. If you're unable to run a search in the investigation tool for a specific data source, you can use the audit and investigation page instead.
    Note: You can run a search in the investigation tool on all users, regardless of the Google edition they have.

Add investigation tool privileges for admins

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in

  2. In the Admin console, go to Menu ""and then"" Accountand thenAdmin roles.
  3. Point to a custom administrator role.

    Tip: If you need to create a new admin role, see Create a custom role.

  4. Click View privileges.
  5. Click Open privileges.
  6. In the Services section, click the Security Center privileges to expand them.
  7. Click to expand the This user has full administrative rights for Security Center privilege.
  8. (Optional) To give the admin access to all Security Center features, including the investigation tool, check the This user has full administrative rights for Security Center box. If not granting full access, continue to Step 9.
  9. To give access only to the investigation tool, check the individual boxes for Investigation Tool privileges. You can add specific privileges for access to different types of data (for example, Gmail, Drive, Device, and User):
    • View Metadata and Attributes—Run queries and see the results that are returned from the query in the investigation tool. The results could contain sensitive content, such as the subject of an email or title of a document. For example, this privilege allows admins to view headers for Gmail messages.
    • Update or Delete—Update content (such as changing the ACL of a document) or delete an email.
    • View Detailed Content—View complete Chat messages and attachments, including those that violate DLP rules (if the View sensitive content setting is ON) or are reported as inappropriate. This privilege can help admins understand any risk that might be associated with the message.
  10. Click Save.

For more information about admin privileges, see Admin privileges for the security center.

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

Clear search
Close search
Google apps
Main menu
Search Help Center