Share via

Global admin with read-only access

Anonymous
2017-03-17T20:59:03+00:00

How can I create an admin account with application impersonaton but read-only access to mailboxes, sharepoint and onedrive?

I need an admin account for third-party backup application, that can read users' data (to backup it to external storage and export te data) but can not delete existing data or add new. If it is possible, which roles should be assigned?

Thank you.

Microsoft 365 and Office | Subscription, account, billing | For home | Windows

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

Answer accepted by question author

Anonymous
2017-03-18T07:10:39+00:00

Hi BulatSabirov,

If you assign the global admin role to a user, the user will have the access on all the applications and also gets admin access over SharePoint and Exchange admin center, which means user will have the ability to create, delete the sites and can change the site permission levels.

Given the situation, we will suggest you vote in this Office 365 Uservoicethread, requesting to get the read-only access on Office 365 admin center.

In this case, you can assign the role of User from Office 365 admin portal without giving the access to admin center. And as you mentioned, you want to give the read only access on the SharePoint site, then you may share the site with the user by giving him Team Site Visitors (Read) permission. In this way, user will only have the access to download the files/folders from the SharePoint site.

The following articles will help you understand more about SharePoint permission levels:

Understanding permission levels in SharePoint

How to create and edit Permission Levels

In case of Exchange mailbox; as a global admin, you can go to Exchange admin center (https://outlook.office.com/ecp/), under Permissions select admin roles to assign the role “Discovery Management” to the user or admin who needs access to the mailboxes.

To access users’ mailboxes, follow the steps mentioned in the article below:

https://technet.microsoft.com/en-us/library/dd353189(v=exchg.160).aspx (applies to Exchange Online as well)

Furthermore, only global admin can have the access over the files/ folders stored in other user’s OneDrive for business. A user who is assigned User role in Office 365, cannot access other’s OneDrive for business folders.

Let me know if you need further help.

Thanks,

Neha

Was this answer helpful?

1 person found this answer helpful.
0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest