Share via

Limited eDiscovery Manager Role Group

User001122 0 Reputation points
2025-03-07T13:39:02.2366667+00:00

I’m setting up an external eDiscovery vendor with access to the Purview Compliance Center and need to create a restricted role group for the user. This role group should grant them access exclusively to a specific Purview Premium case that I've pre-setup.

The role group should not allow the user to add their own data sources. I will add the data sources for them. They should only be able to access the data sources that have already been added to the case. Within the case, I want them to have the ability to create collections, push data to review sets, filter, and export from those review sets. Ideally, they should not be able to add sources under the 'Additional Locations' section when creating a new collection either.

Thus far, I've setup a group with the following roles, however with this role the user is unable to push data to review sets and has access to 'additional locations'.

■ Compliance Search

■ Export

■ Manage Review Set Tags

■ Preview

■ Review

■ RMS Decrypt

Microsoft Purview
Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
1,452 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Chandra Boorla 9,985 Reputation points Microsoft External Staff
    2025-03-07T21:03:37.5+00:00

    Hi @User001122

    To ensure the external eDiscovery vendor has the necessary permissions while preventing them from adding their own data sources or accessing "Additional Locations," you may need to adjust the role assignments in the custom role group.

    Roles to Assign -

    Compliance Search – Allows the user to search within the designated case.

    Manage Review Sets – Enables pushing collections to review sets and managing them.

    Export – Enables exporting data from review sets.

    Manage Review Set Tags – Allows managing tags within review sets.

    Preview – Lets the user preview items in review sets.

    Review – Grants access to review items in review sets.

    RMS Decrypt – Allows viewing rights-protected content.

    Case Search (optional) - Facilitates search operations within the specific case, if needed.

    Roles to Avoid (to enforce restrictions) -

    Custodian – Grants permission to add and manage data sources, which is not needed.

    Case Management – Allows managing collections and adding data sources, which should be restricted.

    Collections: Avoid this role to prevent users from managing collections beyond their review capabilities.

    Additional Considerations -

    Restrict "Additional Locations" Access - While there is no direct role-based control over this, ensure the user is not assigned any broader eDiscovery roles.

    Check for Conflicting Role Assignments - Verify the user is not part of another role group (e.g., eDiscovery Manager) that provides additional privileges.

    Ensure Role Group is Assigned at the Case Level - This prevents the user from accessing other cases.

    For additional information, please refer the following docs.

    By adhering to these guidelines, you should be able to set up a role group that grants the vendor the access they need while maintaining the necessary restrictions.

    I hope this information helps. Please do let us know if you have any further queries.

    Kindly consider upvoting the comment if the information provided is helpful. This can assist other community members in resolving similar issues.

    Thank you.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.