This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 56.00000000000001%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Hi,
One of our users has global administrator and compliance administrator permissions.
When running an eDiscovery she's able to get results to show up, but when attempting to export the results the following error comes up:
You don't have export permissions.
A compliance Administrator or a member of the Organization Management role group can assign you a role with export permissions. Only eDiscovery Managers and eDiscovery Administrators have export permissions among the default role groups.
Following has been checked:
User permissions in Azure, confirmed Global Administrator and Compliance Manager roles are assigned.
In Microsoft Purview - Roles & Scopes -> Permissions -> Azure AD Roles - Roles
Here the Global Administrator role and Compliance Administrator role are visible and confirm the users is in these groups.
In Microsoft Purview - Roles & Scopes -> Permissions -> Microsoft Purview Solutions -> Roles
When I select eDiscovery Manager I can see all users with compliance administrator permissions, except this one particular user.
When attempting to manually add the user, I get the following error:
Client Error
Request failed with status code 500
I've attempted to add myself to the eDiscovery Manager role in the same wizard and receive the same error.
My permissions include Global Administrator and Compliance Manager.
By default, even Global admins do not have permissions to perform such actions, as eDiscovery effectively allows access to everyone's data, which is an obvious concern. As an admin, you can add permissions, by using the steps you've detailed above.
The 500 error is unfortunate, as it doesn't really tell us much. Can you capture the network traffic when performing the request and check the detailed error message therein?
The UI effectively uses PowerShell to manage said permissions, so you might as well try adding them via PowerShell directly. To do so, connect to the SCC endpoint first: https://learn.microsoft.com/en-us/powershell/exchange/connect-to-scc-powershell?view=exchange-ps
Once connected, use the following cmdlet:
Add-RoleGroupMember "eDiscovery Manager" -Member user@domain.com
Remember that you will also have to add the user to the specific case afterwards. Alternatively, add him as eDiscovery admin instead:
Add-eDiscoveryCaseAdmin -User user@domain.com
Hi Vasil,
Thank you this worked. Much appreciated. I've ended up giving permissions via the powershell commands.
To give some additional information.
Initially I've connected via connect-exchangeonline command in Powershell.
I wasn't able to get the commands and groups I needed. Specifically the eDiscovery Manager group I couldn't get data from when running get-rolegroup.
After I used Connect-IPPSSession -UserPrincipalName I was able to pull the group information I needed and run the commands to add the user as required. (Following Vasil's commands)
Cheers for your help!
Thanks for the information, Vasil, just wanted to add that I needed to remove the space in the role group for the command to succeed.
Add-RoleGroupMember "eDiscoveryManager" -Member user@domain.com
Hope this helps someone that may have gotten stuck.