Admin privileges for the security investigation tool

Supported editions for this feature: Frontline Standard and Frontline Plus; Enterprise Standard and Enterprise Plus; Education Standard and Education Plus; Enterprise Essentials Plus; Cloud Identity Premium.

To use the security investigation tool, you need to be an administrator with Audit and investigation privileges. Super administrators have these privileges by default, or you can add them to a custom administrator role. Use the following steps to update an existing role or create a new one.

Create or edit an admin role for the security investigation tool

  1. In the Google Admin console, go to Menu > Account > Admin roles.

    You must be signed in as a super administrator for this task.

  2. Choose an option:
    • To add the privileges to an existing role, locate the specific role in the list, and then click Actions > View privileges > Open privileges.
    • To create a new admin role, click Create new role, add a name and (optional) description, and click Continue.
  3. In the Admin privileges section, click Services > Security Center.

    Note: You can click the right arrows to expand child privileges, or the down arrows to hide child privileges. You can also use the Search bar at the top.

  4. Do one of the following actions:

    • To give the admin access to all Security Center features, including the security investigation tool, check the "This user has full administrative rights for Security Center" box.
    • To give the admin access to specific security investigation features, check the "This user has full administrative rights for Security Center" box and the "Audit and investigation" box. Then choose an option:
        • To allow the admin to update content (for example, change the access control list of a document or delete an email), check the "Manage" box.
        • To allow the admin to run searches and see returned results (including results that could contain sensitive content), check the "View" box.
        • To allow the admin to view complete messages and attachments, including those that violate DLP rules (if the "View sensitive content" setting has been turned on in the security investigation tool settings) or are reported as inappropriate, check the "View sensitive content" box.
  5. Click Save or Continue.

  6. If prompted, review the privileges and click Create Role.

  7. Assign the role to any users. For the steps, go to Assign roles.