Notification

Duet AI is now Gemini for Google Workspace. Learn more

Admin privileges for the security investigation tool

To use the investigation tool you need to be an administrator with security investigation tool privileges. Super administrators have these privileges by default, or you can add them to a custom administrator role.  

Your access to the security investigation tool

  • The security investigation tool requires a premium Google Workspace edition (Enterprise Standard, Enterprise Plus, or Education Plus).
  • You can access logs using the Chrome browser for the Google apps you have installed. For example, Gmail.
  • Your ability to run a search in the investigation tool depends on your Google edition, your administrative privileges, and the data source. If you're unable to run a search in the investigation tool for a specific data source, you can use the audit and investigation page instead. 
  • You can run a search in the investigation tool on all users, regardless of the Google edition they have.

Create admin role for security investigation tool

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Accountand thenAdmin roles.
  3. Choose an option:
    1. To add the privileges to an existing role, point to the custom administrator role and click View privilegesand thenOpen privileges.
    2. To create a new admin role, click Create new role, add a name and description, and click Continue.
  4. In the Services section, next to Security Center, click the Right arrow  to expand the privileges.
  5. Next to This user has full administrative rights for Security Center, click the Right arrow  to expand the privileges.
  6. (Optional) To give the admin access to all Security Center features, including the security investigation tool, check the This user has full administrative rights for Security Center box and go to Step 11.
  7. Next to Audit and investigation, click the Right arrow  to expand the privileges.
  8. Choose an option:
    1. To allow the admin to run searches and see returned results, which could contain sensitive content, check the View box.
    2. To allow the admin to update content, for example, change the access control list of a document or delete an email, check the Manage box.
    3. To allow admins to view complete messages and attachments, including those that violate DLP rules (if the View sensitive content setting is ON) or are reported as inappropriate, check the View sensitive content box. 
  9. Click Save or Continue.
  10. If prompted, review the privileges and click Create Role.
  11. Assign the role to any users. For the steps, go to Assign roles.

Related topic

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
13440389297877702421