Set user permissions and assign roles in Microsoft Priva

To give members of your organization permissions to use Microsoft Priva, assign them to the appropriate role groups in the Microsoft Purview compliance portal.

Note

Roles and permissions explained on this page pertain to the Privacy Risk Management and Subject Rights Requests for data within Microsoft 365 solutions. Roles for the Priva solutions that are in preview (Consent Management, Privacy Assessments, Subject Rights Requests for data beyond Microsoft 365, and Tracker Scanning) are discussed in the Get started articles for each solution.

Sign in and set permissions

Follow the instructions for the portal you're using.

New Priva portal (preview)

All Microsoft Priva solutions can be accessed in the new Priva portal (preview). Learn more about the new Microsoft Priva portal (preview).

  1. Sign in to the new Priva portal (preview) using credentials for an admin account in your Microsoft 365 organization.
  2. Select Settings in the upper right corner of the page, then select Roles and scopes.
  3. Manage permissions for users by following the instructions at Permissions in the Microsoft Purview portal (preview).

Classic Microsoft Purview compliance portal

The generally available (GA) solutions—Privacy Risk Management and Subject Rights Requests for data within Microsoft 365—are accessible in the classic Microsoft Purview compliance portal. The Priva solutions in preview aren't available in the classic portal. Learn more about the classic Microsoft Purview compliance portal.

  1. Go to the Microsoft Purview compliance portal using credentials for an admin account in your Microsoft 365 organization.
  2. Select Roles & scopes and then Permissions in the left navigation.
  3. Under the Microsoft Purview solutions dropdown, select Roles to display the full list of role groups.
  4. Find the role group to which you want to add one or more users (see role group descriptions below), and check the box to the left of the group name.
  5. On the flyout pane for that group, under the Members header, select Edit.
  6. On the flyout pane, select Choose members on the left navigation. Another flyout window appears.
  7. Select + Add to choose one or more users to add to the group.
  8. Select the checkbox next to the names you want to add, then select the Add button at the bottom.
  9. When you’re done assigning users, select Done, then Save, then Close.

Learn more about role groups and roles

Depending on the structure of your team, you have options to assign users to specific role groups to manage different sets of Priva features. Members should be assigned to role groups depending on what tasks they need to accomplish and what level of file access is appropriate. Each role group includes one or more roles. These roles might pertain to specific Priva tasks or key functions that are enabled or restricted for that group’s members. Different users might therefore have different levels of visibility and access into certain Priva features.

Role groups can be customized if needed. To avoid accidental loss of access, we recommend creating a copy of the existing role group you wish to customize, giving the copy an identifiable name, making and verifying your changes to the new group, and assigning people to it as appropriate.

Roles for preview solutions

To access any of the Priva solutions that are in preview—Consent Management, Privacy Assessments, Subject Rights Requests for data beyond Microsoft 365, and Tracker Scanning—a user must hold a Privacy Reader or Privacy Curator role.

Some solutions require extra roles for performing certain tasks. Visit each solution's documentation for details:

Tip

Learn more about role descriptions and how to assign roles by visiting Governance roles and permissions.

Roles for GA solutions

Most Priva roles for Privacy Risk Management and Subject Rights Requests for data within Microsoft 365 are designated as "privacy management." Roles specific to Priva don't appear in Microsoft Entra ID.

| Role group | Description | Roles |
| --- | --- | --- |
| Privacy Management | This role group contains all the Priva permission roles in a single group. This group might be a good fit for organizations where the same individual performs all duties. Members of this group have full access to all features of Priva for which you hold a license. We recommend always having at least one active member of this group. | Case Management, Data Classification Content Viewer, Data Classification List Viewer, Privacy Management Admin, Privacy Management Analysis, Privacy Management Investigation, Privacy Management Permanent Contribution, Privacy Management Temporary Contribution, Privacy Management Viewer, Subject Rights Request Admin, View-Only Case |
| Privacy Management Administrators | Members have broad access to Priva functions, including permissions and settings, and creating, reading, updating, and deleting Privacy Risk Management policies. | Case Management, Privacy Management Admin, View-Only Case |
| Privacy Management Analysts | Members act as case analysts. They can investigate policy matches, view file metadata, and take remediation actions. Members can't access content items. | Case Management, Data Classification List Viewer, Privacy Management Analysis, View-Only Case |
| Privacy Management Investigators | Members act as data investigators. They can investigate policy matches, view associated file content, and take remediation actions. Members can access content items. | Case Management, Data Classification Content Viewer, Data Classification List Viewer, Privacy Management Investigation, View-Only Case |
| Privacy Management Viewer | Members can view analytical information in Priva; for example, the Overview page, Data profile page, and subject rights request reports. | Privacy Management Viewer |
| Privacy Management Contributors | When you add a user as a collaborator on a subject rights request, they automatically get added as a member of this role group. Learn more about adding collaborators on subject rights requests. | Privacy Management Temporary Contribution, Privacy Management Permanent Contribution |
| Subject Rights Request Administrators | Members have full rights to create and manage subject rights requests, and can add approvers for requests. | Subject Rights Request Admin |
| Subject Rights Request Approvers | Members can approve subject rights requests to which they're added as an approver. | Subject Rights Request Approver |
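
The following PowerShell sketch is an added example, not Microsoft's code: it reviews a membership export against the role groups in the table above, listing every user whose group includes Data Classification Content Viewer (the role that exposes file content), flagging customized copies for manual review, and checking the recommendation that Privacy Management always has a member. The function name `Get-PrivaAccessFinding`, the finding labels, and the sample accounts are hypothetical; the membership hashtable is assumed to be built from the Members list in the portal.

```powershell
# Role groups and their roles, copied from the GA table on this page.
$PrivaRoleGroups = @{
    'Privacy Management' = @('Case Management', 'Data Classification Content Viewer',
        'Data Classification List Viewer', 'Privacy Management Admin', 'Privacy Management Analysis',
        'Privacy Management Investigation', 'Privacy Management Permanent Contribution',
        'Privacy Management Temporary Contribution', 'Privacy Management Viewer',
        'Subject Rights Request Admin', 'View-Only Case')
    'Privacy Management Administrators' = @('Case Management', 'Privacy Management Admin', 'View-Only Case')
    'Privacy Management Analysts' = @('Case Management', 'Data Classification List Viewer',
        'Privacy Management Analysis', 'View-Only Case')
    'Privacy Management Investigators' = @('Case Management', 'Data Classification Content Viewer',
        'Data Classification List Viewer', 'Privacy Management Investigation', 'View-Only Case')
    'Privacy Management Viewer' = @('Privacy Management Viewer')
    'Privacy Management Contributors' = @('Privacy Management Temporary Contribution',
        'Privacy Management Permanent Contribution')
    'Subject Rights Request Administrators' = @('Subject Rights Request Admin')
    'Subject Rights Request Approvers' = @('Subject Rights Request Approver')
}

function Get-PrivaAccessFinding {
    param([Parameter(Mandatory)][hashtable]$Membership)  # role group name -> user names
    # Groups whose roles include the one that exposes file content.
    $contentGroups = $PrivaRoleGroups.Keys |
        Where-Object { $PrivaRoleGroups[$_] -contains 'Data Classification Content Viewer' }
    foreach ($group in $Membership.Keys) {
        if (-not $PrivaRoleGroups.ContainsKey($group)) {
            # Customized copies are not in the table; their roles need a manual check.
            [pscustomobject]@{ Finding = 'ReviewCustomGroup'; Group = $group; User = $null }
        } elseif ($contentGroups -contains $group) {
            foreach ($user in $Membership[$group]) {
                [pscustomobject]@{ Finding = 'ContentAccess'; Group = $group; User = $user }
            }
        }
    }
    # The page recommends always having at least one active member of Privacy Management.
    if (-not $Membership['Privacy Management']) {
        [pscustomobject]@{ Finding = 'NoPrivacyManagementMember'; Group = 'Privacy Management'; User = $null }
    }
}

# Constructed sample membership (placeholder accounts, not real users).
$sample = @{
    'Privacy Management'                         = @()
    'Privacy Management Investigators'           = @('adele@contoso.example')
    'Privacy Management Analysts'                = @('li@contoso.example')
    'Privacy Management Investigators - EU copy' = @('sam@contoso.example')
}
Get-PrivaAccessFinding -Membership $sample | Format-Table -AutoSize
```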

Resources

Microsoft Priva legal disclaimer