Permissions in the Security & Compliance Center

Important

The improved Microsoft 365 security center is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new.

Applies to

The Security & Compliance Center lets you grant permissions to people who perform compliance tasks like device management, data loss prevention, eDiscovery, retention, and so on. These people can perform only the tasks that you explicitly grant them access to. To access the Security & Compliance Center, users need to be a global administrator or a member of one or more Security & Compliance Center role groups.

Permissions in the Security & Compliance Center are based on the role-based access control (RBAC) permissions model. RBAC is the same permissions model that's used by Exchange, so if you're familiar with Exchange, granting permissions in the Security & Compliance Center will be very similar. It's important to remember, however, that Exchange role groups and Security & Compliance Center role groups don't share membership or permissions. While both have an Organization Management role group, they aren't the same. The permissions they grant, and the members of the role groups, are different. There's a list of Security & Compliance Center role groups below.

Permissions page in the Security & Compliance Center

Relationship of members, roles, and role groups

A role grants permissions to do a set of tasks; for example, the Case Management role lets people work with eDiscovery cases.

A role group is a set of roles that lets people do their jobs across the Security & Compliance Center. For example, the Compliance Administrator role group includes (among other roles) the roles for Case Management, Content Search, and Organization Configuration, because someone who's a compliance admin will need the permissions for those tasks to do their job.

The Security & Compliance Center includes default role groups for the most common tasks and functions that you'll need to assign people to. We recommend simply adding individual users as members to the default role groups.

Diagram showing the relationship of role groups to roles and members
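The member, role, and role group relationship above can be reviewed mechanically. The following is an added example, not part of the original page or of any Microsoft tooling: it models a subset of the default role groups from this page's role group table, computes a user's effective roles, and finds the role group assignment that covers a set of needed roles with the fewest unneeded ones. The function names and the sample users are assumptions made for illustration.

```python
from itertools import combinations

# Default role groups and their default roles, copied from this page's role
# group table (a subset of rows, to keep the example short).
DEFAULT_ROLE_GROUPS = {
    "Reviewer": {"Review"},
    "Quarantine Administrator": {"Quarantine"},
    "Records Management": {
        "Disposition Management", "RecordManagement", "Retention Management",
    },
    "eDiscovery Manager": {
        "Case Management", "Communication", "Compliance Search", "Custodian",
        "Export", "Hold", "Preview", "Review", "RMS Decrypt",
    },
    "Security Reader": {
        "Security Reader", "Sensitivity Label Reader", "Tag Reader",
        "View-Only Device Management", "View-Only DLP Compliance Management",
        "View-Only IB Compliance Management", "View-Only Manage Alerts",
    },
    "Security Operator": {
        "Compliance Search", "Manage Alerts", "Security Reader",
        "Tag Contributor", "Tag Reader", "View-Only Audit Logs",
        "View-Only Device Management", "View-Only DLP Compliance Management",
        "View-Only IB Compliance Management", "View-Only Manage Alerts",
    },
}

# Constructed sample data (hypothetical users): current memberships and the
# roles each person actually needs for their job.
SAMPLE_USERS = {"alice": ["eDiscovery Manager"], "bob": ["Reviewer"]}
SAMPLE_NEEDS = {"alice": {"Review"}, "bob": {"Review"}}


def effective_roles(memberships, role_groups=DEFAULT_ROLE_GROUPS):
    """Union of the roles granted by every role group a user belongs to."""
    unknown = set(memberships) - set(role_groups)
    if unknown:
        raise KeyError(f"unknown role group(s): {sorted(unknown)}")
    roles = set()
    for group in memberships:
        roles |= role_groups[group]
    return roles


def least_privileged_assignment(required_roles, role_groups=DEFAULT_ROLE_GROUPS):
    """Return (groups, excess_roles) for the combination of role groups that
    grants every required role with the fewest roles the user did not need.
    Ties are broken by fewer groups, then alphabetically. Returns None when
    the known role groups cannot cover the required roles."""
    required = set(required_roles)
    if not required:
        return [], []
    # Only groups that contribute at least one required role are candidates.
    candidates = sorted(g for g, r in role_groups.items() if r & required)
    best = None
    for size in range(1, len(candidates) + 1):
        for combo in combinations(candidates, size):
            granted = effective_roles(combo, role_groups)
            if not required <= granted:
                continue
            excess = granted - required
            key = (len(excess), size, combo)
            if best is None or key < best[0]:
                best = (key, combo, excess)
    if best is None:
        return None
    return list(best[1]), sorted(best[2])


def over_privileged(users, needs, role_groups=DEFAULT_ROLE_GROUPS):
    """Access review: for each user, the roles they hold but do not need."""
    report = {}
    for user, memberships in users.items():
        extra = effective_roles(memberships, role_groups) - set(needs.get(user, ()))
        if extra:
            report[user] = sorted(extra)
    return report


if __name__ == "__main__":
    print(least_privileged_assignment({"Review", "Quarantine"}))
    print(over_privileged(SAMPLE_USERS, SAMPLE_NEEDS))
```

The excess count is only a first-pass ranking; the returned list of excess roles is what a reviewer should read, since roles such as Export or RMS Decrypt carry more weight than view-only roles.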

Role groups in the Security & Compliance Center

The following table lists the default role groups that are available in the Security & Compliance Center, and the roles that are assigned to the role groups by default. To grant permissions to a user to perform a compliance task, add them to the appropriate Security & Compliance Center role group.

Managing permissions in the Security & Compliance Center only gives users access to the compliance features that are available within the Security & Compliance Center itself. If you want to grant permissions to other compliance features that aren't in the Security & Compliance Center, such as Exchange mail flow rules (also known as transport rules), you need to use the Exchange admin center.

To see how to grant access to the Security & Compliance Center, check out Give users access to Microsoft 365 Compliance admin center.

Note

To view the Permissions tab in the Security & Compliance Center, you need to be an admin. Specifically, you need to be assigned the Role Management role, and that role is assigned only to the Organization Management role group in the Security & Compliance Center by default. Furthermore, the Role Management role allows users to view, create, and modify role groups.



Role group | Description | Default roles assigned
Communication Compliance | Provides permission to all the communication compliance roles: administrator, analyst, investigator, and viewer. | Case Management, Communication Compliance Admin, Communication Compliance Analysis, Communication Compliance Case Management, Communication Compliance Investigation, Communication Compliance Viewer, Data Classification Feedback Provider, View-Only Case
Communication Compliance Administrators | Administrators of communication compliance that can create/edit policies and define global settings. | Communication Compliance Admin, Communication Compliance Case Management
Communication Compliance Analysts | Analysts of communication compliance that can investigate policy matches, view message metadata, and take remediation actions. | Communication Compliance Analysis, Communication Compliance Case Management
Communication Compliance Investigators | Analysts of communication compliance that can investigate policy matches, view message content, and take remediation actions. | Case Management, Communication Compliance Analysis, Communication Compliance Case Management, Communication Compliance Investigation, Data Classification Feedback Provider, View-Only Case
Communication Compliance Viewers | Viewer of communication compliance that can access the available reports and widgets. | Communication Compliance Case Management, Communication Compliance Viewer
Compliance Administrator¹ | Members can manage settings for device management, data loss prevention, reports, and preservation. | Case Management, Compliance Administrator, Compliance Search, Data Classification Feedback Provider, Data Classification Feedback Reviewer, Device Management, Disposition Management, DLP Compliance Management, Hold, IB Compliance Management, Manage Alerts, Organization Configuration, RecordManagement, Retention Management, View-Only Audit Logs, View-Only Case, View-Only Device Management, View-Only DLP Compliance Management, View-Only IB Compliance Management, View-Only Manage Alerts, View-Only Recipients, View-Only Record Management, View-Only Retention Management
Compliance Data Administrator | Members can manage settings for device management, data protection, data loss prevention, reports, and preservation. | Compliance Administrator, Compliance Search, Device Management, DLP Compliance Management, Disposition Management, IB Compliance Management, Manage Alerts, Organization Configuration, RecordManagement, Retention Management, Sensitivity Label Administrator, View-Only Audit Logs, View-Only Device Management, View-Only DLP Compliance Management, View-Only IB Compliance Management, View-Only Manage Alerts, View-Only Recipients, View-Only Record Management, View-Only Retention Management
Compliance Manager Administrators | Manage template creation and modification. | Compliance Manager Administration, Compliance Manager Assessment, Compliance Manager Contribution, Compliance Manager Reader
Compliance Manager Assessors | Create assessments, implement improvement actions, and update test status for improvement actions. | Compliance Manager Assessment, Compliance Manager Contribution, Compliance Manager Reader
Compliance Manager Contributors | Create assessments and perform work to implement improvement actions. | Compliance Manager Contribution, Compliance Manager Reader
Compliance Manager Readers | View all Compliance Manager content except for administrator functions. | Compliance Manager Reader
Content Explorer Content Viewer | View the contents files in Content explorer. | Data Classification Content Viewer
Content Explorer List Viewer | View all items in Content explorer in list format only. | Data Classification List Viewer
eDiscovery Manager | Members can perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. Members can also create and manage eDiscovery cases, add and remove members to a case, create and edit Content Searches associated with a case, and access case data in Advanced eDiscovery. An eDiscovery Administrator is a member of the eDiscovery Manager role group who has been assigned additional permissions. In addition to the tasks that an eDiscovery Manager can perform, an eDiscovery Administrator can: • View all eDiscovery cases in the organization. • Manage any eDiscovery case after they add themselves as a member of the case. The primary difference between an eDiscovery Manager and an eDiscovery Administrator is that an eDiscovery Administrator can access all cases that are listed on the eDiscovery cases page in the Security & Compliance Center. An eDiscovery manager can only access the cases they created or cases they are a member of. For more information about making a user an eDiscovery Administrator, see Assign eDiscovery permissions in the Security & Compliance Center. | Case Management, Communication, Compliance Search, Custodian, Export, Hold, Preview, Review, RMS Decrypt
Global Reader | Members have read-only access to reports, alerts, and can see all the configuration and settings. The primary difference between Global Reader and Security Reader is that a Global Reader can access configuration and settings. | Security Reader, Sensitivity Label Reader, Service Assurance View, View-Only Audit Logs, View-Only Device Management, View-Only DLP Compliance Management, View-Only IB Compliance Management, View-Only Manage Alerts, View-Only Recipients, View-Only Record Management, View-Only Retention Management
Insider Risk Management | Use this role group to manage insider risk management for your organization in a single group. By adding all user accounts for designated administrators, analysts, and investigators, you can configure insider risk management permissions in a single group. This role group contains all the insider risk management permission roles. This is the easiest way to quickly get started with insider risk management and is a good fit for organizations that do not need separate permissions defined for separate groups of users. | Case Management, Insider Risk Management Admin, Insider Risk Management Analysis, Insider Risk Management Investigation, View-Only Case
Insider Risk Management Admins | Use this role group to initially configure insider risk management and later to segregate insider risk administrators into a defined group. Users in this role group can create, read, update, and delete insider risk management policies, global settings, and role group assignments. | Case Management, Insider Risk Management Admin, View-Only Case
Insider Risk Management Analysts | Use this group to assign permissions to users that will act as insider risk case analysts. Users in this role group can access all insider risk management alerts, cases, and notices templates. They cannot access the insider risk Content Explorer. | Case Management, Insider Risk Management Analysis, View-Only Case
Insider Risk Management Auditors | Use this group to assign permissions to users that will audit insider risk management activities. Users in this role group can access the insider risk audit log. | Insider Risk Management Audit
Insider Risk Management Investigators | Use this group to assign permissions to users that will act as insider risk data investigators. Users in this role group can access all insider risk management alerts, cases, notices templates, and the Content Explorer for all cases. | Case Management, Insider Risk Management Investigation, View-Only Case
IRM Contributors | This role group is visible, but is used by background services only. | Insider Risk Management Permanent contribution, Insider Risk Management Temporary contribution
MailFlow Administrator | Members can monitor and view mail flow insights and reports in the Security & Compliance Center. Global admins can add ordinary users to this group, but, if the user isn't a member of the Exchange Admin group, the user will not have access to Exchange admin-related tasks. | View-Only Recipients
Organization Management¹ | Members can control permissions for accessing features in the Security & Compliance Center, and also manage settings for device management, data loss prevention, reports, and preservation. Users who are not global administrators must be Exchange administrators to see and take action on devices that are managed by Basic Mobility and Security for Microsoft 365 (formerly known as Mobile Device Management or MDM). Global admins are automatically added as members of this role group. | Audit Logs, Case Management, Compliance Administrator, Compliance Search, Device Management, DLP Compliance Management, Hold, IB Compliance Management, Manage Alerts, Organization Configuration, Quarantine, RecordManagement, Retention Management, Role Management, Search And Purge, Security Administrator, Security Reader, Sensitivity Label Administrator, Sensitivity Label Reader, Service Assurance View, Tag Contributor, Tag Manager, Tag Reader, View-Only Audit Logs, View-Only Device Management, View-Only DLP Compliance Management, View-Only IB Compliance Management, View-Only Case, View-Only Manage Alerts, View-Only Recipients, View-Only Record Management, View-Only Retention Management
Quarantine Administrator | Members can access all Quarantine actions. For more information, see Manage quarantined messages and files as an admin in EOP. | Quarantine
Records Management | Members can configure all aspects of records management, including retention labels and disposition reviews. | Disposition Management, RecordManagement, Retention Management
Reviewer | Members can access review sets in Advanced eDiscovery cases. Members of this role group can see and open the list of cases on the eDiscovery > Advanced page in the Microsoft 365 compliance center that they're members of. After the user accesses an Advanced eDiscovery case, they can select Review sets to access case data. This role doesn't allow the user to preview the results of a collection search that's associated with the case or do other search or case management tasks. Members of this role group can only access the data in a review set. | Review
Security Administrator | Members have access to a number of security features of Identity Protection Center, Privileged Identity Management, Monitor Microsoft 365 Service Health, and Security & Compliance Center. By default, this role group may not appear to have any members. However, the Security Administrator role from Azure Active Directory is assigned to this role group. Therefore, this role group inherits the capabilities and membership of the Security Administrator role from Azure Active Directory. To manage permissions centrally, add and remove group members in the Azure Active Directory admin center. For more information, see Administrator role permissions in Azure Active Directory. If you edit this role group in the Security & Compliance Center (membership or roles), those changes apply only to the Security & Compliance Center and not to any other services. This role group includes all of the read-only permissions of the Security reader role, plus a number of additional administrative permissions for the same services: Azure Information Protection, Identity Protection Center, Privileged Identity Management, Monitor Microsoft 365 Service Health, and Security & Compliance Center. | Audit Logs, Device Management, DLP Compliance Management, IB Compliance Management, Manage Alerts, Quarantine, Security Administrator, Sensitivity Label Administrator, Tag Contributor, Tag Manager, Tag Reader, View-Only Audit Logs, View-Only Device Management, View-Only DLP Compliance Management, View-Only IB Compliance Management, View-Only Manage Alerts
Security Operator | Members can manage security alerts, and also view reports and settings of security features. | Compliance Search, Manage Alerts, Security Reader, Tag Contributor, Tag Reader, View-Only Audit Logs, View-Only Device Management, View-Only DLP Compliance Management, View-Only IB Compliance Management, View-Only Manage Alerts
Security Reader | Members have read-only access to a number of security features of Identity Protection Center, Privileged Identity Management, Monitor Microsoft 365 Service Health, and Security & Compliance Center. By default, this role group may not appear to have any members. However, the Security Reader role from Azure Active Directory is assigned to this role group. Therefore, this role group inherits the capabilities and membership of the Security Reader role from Azure Active Directory. To manage permissions centrally, add and remove group members in the Azure Active Directory admin center. For more information, see Administrator role permissions in Azure Active Directory. If you edit this role group in the Security & Compliance Center (membership or roles), those changes apply only to the Security & Compliance Center and not to any other services. | Security Reader, Sensitivity Label Reader, Tag Reader, View-Only Device Management, View-Only DLP Compliance Management, View-Only IB Compliance Management, View-Only Manage Alerts
Service Assurance User | Members can access the Service assurance section in the Security & Compliance Center. Service assurance provides reports and documents that describe Microsoft's security practices for customer data that's stored in Microsoft 365. It also provides independent third-party audit reports on Microsoft 365. For more information, see Service assurance in the Security & Compliance Center. | Service Assurance View
Supervisory Review | Members can create and manage the policies that define which communications are subject to review in an organization. For more information, see Configure communication compliance policies for your organization. | Supervisory Review Administrator

Note

¹ This role group doesn't assign members the permissions necessary to search the audit log or to use any reports that might include Exchange data, such as the DLP or Defender for Office 365 reports. To search the audit log or to view all reports, a user has to be assigned permissions in Exchange Online. This is because the underlying cmdlet used to search the audit log is an Exchange Online cmdlet. Global admins can search the audit log and view all reports because they're automatically added as members of the Organization Management role group in Exchange Online. For more information, see Search the audit log in the Security & Compliance Center.

Roles in the Security & Compliance Center

The following table lists the available roles and the role groups that they're assigned to by default.

Note that the following roles aren't assigned to the Organization Management role group by default:

  • Attack Simulator Admin
  • Attack Simulator Payload Author
  • Communication
  • Communication Compliance Admin
  • Communication Compliance Analysis
  • Communication Compliance Case Management
  • Communication Compliance Investigation
  • Communication Compliance Viewer
  • Compliance Manager Administration
  • Compliance Manager Assessment
  • Compliance Manager Contribution
  • Compliance Manager Reader
  • Custodian
  • Data Classification Content Viewer
  • Data Classification Feedback Provider
  • Data Classification Feedback Reviewer
  • Data Classification List Viewer
  • Disposition Management
  • Export
  • Insider Risk Management Admin
  • Insider Risk Management Analysis
  • Insider Risk Management Audit
  • Insider Risk Management Investigation
  • Insider Risk Management Permanent contribution
  • Insider Risk Management Temporary contribution
  • Preview
  • Review
  • RMS Decrypt
  • Supervisory Review Administrator


Role | Description | Default role group assignments
Attack Simulator Admin | Used to create and manage all aspects of attack simulation campaigns. |
Attack Simulator Payload Author | Used to create and manage attack payloads that can be deployed by attack simulator administrator. |
Audit Logs | Turn on and configure auditing for the organization, view the organization's audit reports, and then export these reports to a file. | Organization Management, Security Administrator
Case Management | Create, edit, delete, and control access to eDiscovery cases. | Communication Compliance, Communication Compliance Investigators, Compliance Administrator, eDiscovery Manager, Insider Risk Management, Insider Risk Management Admins, Insider Risk Management Analysts, Insider Risk Management Investigators, Organization Management
Communication | Manage all communications with the custodians identified in an Advanced eDiscovery case. Create hold notifications, hold reminders, and escalations to management. Track custodian acknowledgment of hold notifications and manage access to the custodian portal that is used by each custodian in a case to track communications for the cases where they were identified as a custodian. | eDiscovery Manager
Communication Compliance Admin | Used to manage policies in the Communication Compliance feature. | Communication Compliance, Communication Compliance Administrators
Communication Compliance Analysis | Used to perform investigation, remediation of the message violations in the Communication Compliance feature. Can only view message metadata. | Communication Compliance, Communication Compliance Analysts, Communication Compliance Investigators
Communication Compliance Case Management | Used to access Communication Compliance cases. | Communication Compliance, Communication Compliance Administrators, Communication Compliance Analysts, Communication Compliance Investigators, Communication Compliance Viewers
Communication Compliance Investigation | Used to perform investigation, remediation, and review message violations in the Communication Compliance feature. Can view message metadata and message. | Communication Compliance, Communication Compliance Investigators
Communication Compliance Viewer | Used to access reports and widgets in the Communication Compliance feature. | Communication Compliance, Communication Compliance Viewers
Compliance Administrator | View and edit settings and reports for compliance features. | Compliance Administrator, Compliance Data Administrator, Organization Management
Compliance Manager Administration | Manage template creation and modification. | Compliance Manager Administrators
Compliance Manager Assessment | Create assessments, implement improvement actions, and update test status for improvement actions. | Compliance Manager Administrators, Compliance Manager Assessors
Compliance Manager Contribution | Create assessments and perform work to implement improvement actions. | Compliance Manager Administrators, Compliance Manager Assessors, Compliance Manager Contributors
Compliance Manager Reader | View all Compliance Manager content except for administrator functions. | Compliance Manager Administrators, Compliance Manager Assessors, Compliance Manager Contributors, Compliance Manager Readers
Compliance Search | Perform searches across mailboxes and get an estimate of the results. | Compliance Administrator, Compliance Data Administrator, eDiscovery Manager, Organization Management, Security Operator
Custodian | Identify and manage custodians for Advanced eDiscovery cases and use the information from Azure Active Directory and other sources to find data sources associated with custodians. Associate other data sources such as mailboxes, SharePoint sites, and Teams with custodians in a case. Place a legal hold on the data sources associated with custodians to preserve content in the context of a case. | eDiscovery Manager
Data Classification Content Viewer | View in-place rendering of files in Content explorer. | Content Explorer Content Viewer
Data Classification Feedback Provider | Allows providing feedback to classifiers in content explorer. | Communication Compliance, Communication Compliance Investigators, Compliance Administrator
Data Classification Feedback Reviewer | Allows reviewing feedback from classifiers in feedback explorer. | Compliance Administrator
Data Classification List Viewer | View the list of files in content explorer. | Content Explorer List Viewer
Device Management | View and edit settings and reports for device management features. | Compliance Administrator, Compliance Data Administrator, Organization Management, Security Administrator
Disposition Management | Control permissions for accessing Manual Disposition in the Security & Compliance Center. | Compliance Administrator, Compliance Data Administrator, Records Management
DLP Compliance Management | View and edit settings and reports for data loss prevention (DLP) policies. | Compliance Administrator, Compliance Data Administrator, Organization Management, Security Administrator
Export | Export mailbox and site content that's returned from searches. | eDiscovery Manager
Hold | Place content in mailboxes, sites, and public folders on hold. When on hold, a copy of the content is stored in a secure location. Content owners will still be able to modify or delete the original content. | Compliance Administrator, eDiscovery Manager, Organization Management
IB Compliance Management | View, create, remove, modify, and test Information Barrier policies. | Compliance Administrator, Compliance Data Administrator, Organization Management, Security Administrator
Insider Risk Management Admin | Create, edit, delete, and control access to Insider Risk Management feature. | Insider Risk Management, Insider Risk Management Admins
Insider Risk Management Analysis | Access all insider risk management alerts, cases, and notices templates. | Insider Risk Management, Insider Risk Management Analysts
Insider Risk Management Audit | Allow viewing Insider Risk audit trails. | Insider Risk Management Auditors
Insider Risk Management Investigation | Access all insider risk management alerts, cases, notices templates, and the Content Explorer for all cases. | Insider Risk Management, Insider Risk Management Investigators
Insider Risk Management Permanent contribution | This role group is visible, but is used by background services only. | IRM Contributors
Insider Risk Management Temporary contribution | This role group is visible, but is used by background services only. | IRM Contributors
Manage Alerts | View and edit settings and reports for alerts. | Compliance Administrator, Compliance Data Administrator, Organization Management, Security Administrator, Security Operator
Organization Configuration | Run, view, and export audit reports and manage compliance policies for DLP, devices, and preservation. | Compliance Administrator, Compliance Data Administrator, Organization Management
Preview | View a list of items that are returned from content searches, and open each item from the list to view its contents. | eDiscovery Manager
隔离Quarantine 允许查看和释放隔离电子邮件。Allows viewing and releasing quarantined email. 隔离管理员Quarantine Administrator

安全管理员Security Administrator

组织管理Organization Management

RecordManagementRecordManagement 查看和编辑记录管理功能的配置。View and edit the configuration of the records management feature. 合规性管理员Compliance Administrator

合规性数据管理员Compliance Data Administrator

组织管理Organization Management

记录管理Records Management

保留管理Retention Management 管理保留策略、保留标签和保留标签策略。Manage retention policies, retention labels, and retention label policies. 合规性管理员Compliance Administrator

合规性数据管理员Compliance Data Administrator

组织管理Organization Management

记录管理Records Management

审阅Review 此角色允许用户在一些情况下访问Advanced eDiscovery集。This role lets users access review sets in Advanced eDiscovery cases. 分配了此角色的用户可以在他们作为成员的 Microsoft 365 合规中心的"电子数据展示">高级"页面上查看和打开事例列表。Users who are assigned this role can see and open the list of cases on the eDiscovery > Advanced page in the Microsoft 365 compliance center that they're members of. 用户访问案例后Advanced eDiscovery,可以选择"审阅集"访问案例数据。 After the user accesses an Advanced eDiscovery case, they can select Review sets to access case data. 此角色不允许用户预览与案例关联的集合搜索的结果,或执行其他搜索或案例管理任务。This role doesn't allow the user to preview the results of a collection search that's associated with the case or do other search or case management tasks. 具有此角色的用户只能访问审阅集内的数据。Users with this role can only access the data in a review set. 电子数据展示管理员eDiscovery Manager

ReviewerReviewer

RMS 解密RMS Decrypt 导出搜索结果时解密受 RMS 保护的内容。Decrypt RMS-protected content when exporting search results. 电子数据展示管理员eDiscovery Manager
角色管理Role Management 管理角色组成员身份并创建或删除自定义角色组。Manage role group membership and create or delete custom role groups. 组织管理Organization Management
搜索和清除Search And Purge 允许用户批量删除与内容搜索条件匹配的数据。Lets people bulk-remove data that matches the criteria of a content search. 组织管理Organization Management
安全管理员Security Administrator 查看和编辑安全功能的配置和报告。View and edit the configuration and reports for Security features. 组织管理Organization Management

安全管理员Security Administrator

安全读者Security Reader 查看安全功能的配置和报告。View the configuration and reports for Security features. 全局读取者Global Reader

组织管理Organization Management

安全操作员Security Operator

安全读取者Security Reader

敏感度标签管理员Sensitivity Label Administrator 查看、创建、修改和删除敏感度标签。View, create, modify, and remove sensitivity labels. 合规性数据管理员Compliance Data Administrator

组织管理Organization Management

安全管理员Security Administrator

敏感度标签阅读器Sensitivity Label Reader 查看敏感度标签的配置和使用。View the configuration and usage of sensitivity labels. 全局读取者Global Reader

组织管理Organization Management

安全读取者Security Reader

服务保障视图Service Assurance View 从服务保障部分下载可用文档。Download the available documents from the Service Assurance section. 内容包括独立审核、合规性文档和与信任相关的指南,Microsoft 365功能来管理法规合规性和安全风险。Content includes independent auditing, compliance documentation, and trust-related guidance for using Microsoft 365 features to manage regulatory compliance and security risks. 全局读取者Global Reader

组织管理Organization Management

服务保证用户Service Assurance User

监管审核管理员Supervisory Review Administrator 管理监管审核策略,包括要审阅的通信和审阅者。Manage supervisory review policies, including which communications to review and who should do the review. 监管审核Supervisory Review
标记参与者Tag Contributor 查看和更新现有用户标记的成员身份。View and update membership of existing user tags. 组织管理Organization Management

安全管理员Security Administrator

安全操作员Security Operator

标记管理器Tag Manager 查看、更新、创建和删除用户标记。View, update, create, and delete user tags. 组织管理Organization Management

安全管理员Security Administrator

标记读取器Tag Reader 对现有用户标记的只读访问。Read-only access to existing user tags. 安全读取者Security Reader
仅供查看审核日志View-Only Audit Logs 查看和导出审核报告。View and export audit reports. 因为这些报告可能包含敏感信息,所以应仅向明确需要查看此信息的人分配此角色。Because these reports might contain sensitive information, you should only assign this role to people with an explicit need to view this information. 合规性管理员Compliance Administrator

合规性数据管理员Compliance Data Administrator

全局读取者Global Reader

组织管理Organization Management

安全管理员Security Administrator

安全操作员Security Operator

仅查看案例View-Only Case 通信合规性Communication Compliance

通信合规调查人员Communication Compliance Investigators

合规性管理员Compliance Administrator

内部风险管理Insider Risk Management

内部风险管理管理员Insider Risk Management Admins

预览体验计划风险管理分析员Insider Risk Management Analysts

预览体验成员风险管理调查人员Insider RiskManagement Investigators

组织管理Organization Management

仅查看设备管理View-Only Device Management 查看设备管理功能的配置和报告。View the configuration and reports for the Device Management feature. 合规性管理员Compliance Administrator

合规性数据管理员Compliance Data Administrator

全局读取者Global Reader

组织管理Organization Management

安全管理员Security Administrator

安全操作员Security Operator

安全读取者Security Reader

仅查看 DLP 合规性管理View-Only DLP Compliance Management 查看 DLP 策略中的数据丢失防护 (报告) 报告。View the settings and reports for data loss prevention (DLP) policies. 合规性管理员Compliance Administrator

合规性数据管理员Compliance Data Administrator

全局读取者Global Reader

组织管理Organization Management

安全管理员Security Administrator

安全操作员Security Operator

安全读取者Security Reader

仅查看 IBM 合规性管理View-Only IB Compliance Management 查看信息屏障功能的配置和报告。View the configuration and reports for the Information Barriers feature. 合规性管理员Compliance Administrator

合规性数据管理员Compliance Data Administrator

全局读取者Global Reader

组织管理Organization Management

安全管理员Security Administrator

安全操作员Security Operator

安全读取者Security Reader

仅查看管理警报View-Only Manage Alerts 查看"管理警报"功能的配置和报告。View the configuration and reports for the Manage Alerts feature. 合规性管理员Compliance Administrator

合规性数据管理员Compliance Data Administrator

全局读取者Global Reader

组织管理Organization Management

安全管理员Security Administrator

安全操作员Security Operator

安全读取者Security Reader

仅查看收件人View-Only Recipients 查看有关用户和组的信息。View information about users and groups. 合规性管理员Compliance Administrator

合规性数据管理员Compliance Data Administrator

全局读取者Global Reader

MailFlow 管理员MailFlow Administrator

组织管理Organization Management

仅查看记录管理View-Only Record Management 查看记录管理功能的配置。View the configuration of the records management feature. 合规性管理员Compliance Administrator

合规性数据管理员Compliance Data Administrator

全局读取者Global Reader

组织管理Organization Management

仅查看保留管理View-Only Retention Management 查看保留策略、保留标签和保留标签策略的配置。View the configuration of retention policies, retention labels, and retention label policies. 合规性管理员Compliance Administrator

合规性数据管理员Compliance Data Administrator

全局管理员Global Administrator

组织管理Organization Management