Set user permissions and assign roles in Microsoft Priva
To give members of your organization permissions to use Microsoft Priva, assign them to the appropriate role groups in the Microsoft Purview compliance portal.
Note
Most Priva roles are currently designated as "privacy management." See below for a full list. Roles specific to Priva will not appear in Azure Active Directory.
Sign in and set permissions
- Go to the Microsoft Purview compliance portal and select Permissions in the left navigation.
- Under the Microsoft Purview solutions dropdown, select Roles. The full list of role groups will appear.
- Find the role group to which you want to add one or more users (see role group descriptions below), and check the box to the left of the group name.
- On the flyout pane for that group, under the Members header, select Edit.
- On the flyout pane, select Choose members on the left navigation. Another flyout window will appear.
- Select + Add to choose one or more users to add to the group.
- Select the checkbox next to the names you want to add, then select the Add button at the bottom.
- When you’re done assigning users, select Done, then Save, then Close.
Learn more about role groups and roles
Depending on the structure of your team, you have options to assign users to specific role groups to manage different sets of Priva features. Members should be assigned to role groups depending on what tasks they need to accomplish and what level of file access is appropriate. Each role group includes one or more roles. These roles may pertain to specific Priva tasks or key functions that are enabled or restricted for that group’s members. Different users may therefore have different levels of visibility and access into certain Priva features.
Role groups can be customized if needed. To avoid accidental loss of access, we recommend creating a copy of the existing role group you wish to customize, giving the copy an identifiable name, making and verifying your changes to the new group, and assigning people to it as appropriate.
| Role group | Description | Roles |
|---|---|---|
| Privacy Management | This role group contains all the Priva permission roles in a single group. This group may be a good fit for organizations where the same individual performs all duties. Members of this group have full access to all features of Priva for which you hold a license. We recommend always having at least one active member of this group. | Case Management - Data Classification Content Viewer - Data Classification List Viewer - Privacy Management Admin - Privacy Management Analysis - Privacy Management Investigation - Privacy Management Permanent Contribution - Privacy Management Temporary Contribution - Privacy Management Viewer - Subject Rights Request Admin - View-Only Case |
| Privacy Management Administrators | Members have broad access to Priva functions, including permissions and settings, and creating, reading, updating, and deleting Privacy Risk Management policies and subject rights requests. | Case Management Privacy Management Admin View-Only Case |
| Privacy Management Analysts | Members act as case analysts. They can investigate policy matches, view file metadata, and take remediation actions. Members can't access content items. | Case Management Data Classification List Viewer Privacy Management Analysis View-Only Case |
| Privacy Management Investigators | Members act as data investigators. They can investigate policy matches, view associated file content, and take remediation actions. Members can access content items. | Case Management Data Classification Content Viewer Data Classification List Viewer Privacy Management Investigation View-Only Case |
| Privacy Management Viewer | Members can view analytical information in Priva; for example, the Overview page, Data profile page, and subject rights request reports. | Privacy Management Viewer |
| Privacy Management Contributors | Members have access to subject rights requests to which they've been added as a collaborator. | Privacy Management Temporary Contribution Privacy Management Permanent Contribution |
| Subject Rights Request Administrators | Members have full rights to create and manage subject rights requests, and can add approvers for requests. | Subject Rights Request Admin |
| Subject Rights Request Approvers | Members can approve subject rights requests to which they've been added as an approver. | Subject Rights Request Approver |