Permissions in the Security & Compliance Center

Important

The improved Microsoft 365 security center is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new.

Applies to

The Security & Compliance Center lets you grant permissions to people who perform compliance tasks like device management, data loss prevention, eDiscovery, retention, and so on. These people can perform only the tasks that you explicitly grant them access to. To access the Security & Compliance Center, users need to be a global administrator or a member of one or more Security & Compliance Center role groups.

Permissions in the Security & Compliance Center are based on the role-based access control (RBAC) permissions model. RBAC is the same permissions model that's used by Exchange, so if you're familiar with Exchange, granting permissions in the Security & Compliance Center will be very similar. It's important to remember, however, that Exchange role groups and Security & Compliance Center role groups don't share membership or permissions. While both have an Organization Management role group, they aren't the same. The permissions they grant, and the members of the role groups, are different. There's a list of Security & Compliance Center role groups below.

The Permissions page in the Security & Compliance Center

Relationship of members, roles, and role groups

A role grants permissions to do a set of tasks; for example, the Case Management role lets people work with eDiscovery cases.

A role group is a set of roles that lets people do their jobs across the Security & Compliance Center. For example, the Compliance Administrator role group includes (among other roles) the roles for Case Management, Content Search, and Organization Configuration (plus others) because someone who's a compliance admin will need the permissions for those tasks to do their job.

The Security & Compliance Center includes default role groups for the most common tasks and functions that you'll need to assign people to. We recommend simply adding individual users as members to the default role groups.

Diagram showing the relationship of role groups to roles and members

Permissions needed to use features in the Security & Compliance Center

The following table lists the default role groups that are available in the Security & Compliance Center, and the roles that are assigned to the role groups by default. To grant permissions to a user to perform a compliance task, add them to the appropriate Security & Compliance Center role group.

Managing permissions in the Security & Compliance Center only gives users access to the compliance features that are available within the Security & Compliance Center itself. If you want to grant permissions to other compliance features that aren't in the Security & Compliance Center, such as Exchange mail flow rules (also known as transport rules), you need to use the Exchange admin center.

To see how to grant access to the Security & Compliance Center, check out Give users access to Microsoft 365 Compliance admin center.

Note

To view the Permissions tab in the Security & Compliance Center, you need to be an admin. Specifically, you need to be assigned the Role Management role, and that role is assigned only to the Organization Management role group in the Security & Compliance Center by default. Furthermore, the Role Management role allows users to view, create, and modify role groups.




Role group | Description | Default roles assigned
Communication Compliance | Provides permission to all the communication compliance roles: administrator, analyst, investigator, and viewer. | Case Management

Communication Compliance Admin

Communication Compliance Analysis

Communication Compliance Case Management

Communication Compliance Investigation

Communication Compliance Viewer

Data Classification Feedback Provider

View-Only Case

Communication Compliance Administrators | Administrators of communication compliance that can create/edit policies and define global settings. | Communication Compliance Admin

Communication Compliance Case Management

Communication Compliance Analysts | Analysts of communication compliance that can investigate policy matches, view message meta data, and take remediation actions. | Communication Compliance Analysis

Communication Compliance Case Management

Communication Compliance Investigators | Analysts of communication compliance that can investigate policy matches, view message content, and take remediation actions. | Case Management

Communication Compliance Analysis

Communication Compliance Case Management

Communication Compliance Investigation

Data Classification Feedback Provider

View-Only Case

Communication Compliance Viewers | Viewer of communication compliance that can access the available reports and widgets. | Communication Compliance Case Management

Communication Compliance Viewer

Compliance Administrator¹ | Members can manage settings for device management, data loss prevention, reports, and preservation. | Case Management

Compliance Administrator

Compliance Search

Data Classification Feedback Provider

Data Classification Feedback Reviewer

Device Management

Disposition Management

DLP Compliance Management

Hold

IB Compliance Management

Manage Alerts

Organization Configuration

RecordManagement

Retention Management

View-Only Audit Logs

View-Only Case

View-Only Device Management

View-Only DLP Compliance Management

View-Only IB Compliance Management

View-Only Manage Alerts

View-Only Recipients

View-Only Record Management

View-Only Retention Management

Compliance Data Administrator | Members can manage settings for device management, data protection, data loss prevention, reports, and preservation. | Compliance Administrator

Compliance Search

Device Management

DLP Compliance Management

Disposition Management

IB Compliance Management

Manage Alerts

Organization Configuration

RecordManagement

Retention Management

Sensitivity Label Administrator

View-Only Audit Logs

View-Only Device Management

View-Only DLP Compliance Management

View-Only IB Compliance Management

View-Only Manage Alerts

View-Only Recipients

View-Only Record Management

View-Only Retention Management

Compliance Manager Administrators | Manage template creation and modification. | Compliance Manager Administration

Compliance Manager Assessment

Compliance Manager Contribution

Compliance Manager Reader

Compliance Manager Assessors | Create assessments, implement improvement actions, and update test status for improvement actions. | Compliance Manager Assessment

Compliance Manager Contribution

Compliance Manager Reader

Compliance Manager Contributors | Create assessments and perform work to implement improvement actions. | Compliance Manager Contribution

Compliance Manager Reader

Compliance Manager Readers | View all Compliance Manager content except for administrator functions. | Compliance Manager Reader
Content Explorer Content Viewer | View the contents files in Content explorer. | Data Classification Content Viewer
Content Explorer List Viewer | View all items in Content explorer in list format only. | Data Classification List Viewer
eDiscovery Manager | Members can perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. Members can also create and manage eDiscovery cases, add and remove members to a case, create and edit Content Searches associated with a case, and access case data in Advanced eDiscovery.

An eDiscovery Administrator is a member of the eDiscovery Manager role group who has been assigned additional permissions. In addition to the tasks that an eDiscovery Manager can perform, an eDiscovery Administrator can:

  • View all eDiscovery cases in the organization.
  • Manage any eDiscovery case after they add themselves as a member of the case.

The primary difference between an eDiscovery Manager and an eDiscovery Administrator is that an eDiscovery Administrator can access all cases that are listed on the eDiscovery cases page in the Security & Compliance Center. An eDiscovery manager can only access the cases they created or cases they are a member of. For more information about making a user an eDiscovery Administrator, see Assign eDiscovery permissions in the Security & Compliance Center.

Case Management

Communication

Compliance Search

Custodian

Export

Hold

Preview

Review

RMS Decrypt

Global Reader | Members have read-only access to reports, alerts, and can see all the configuration and settings.

The primary difference between Global Reader and Security Reader is that a Global Reader can access configuration and settings.

Security Reader

Sensitivity Label Reader

Service Assurance View

View-Only Audit Logs

View-Only Device Management

View-Only DLP Compliance Management

View-Only IB Compliance Management

View-Only Manage Alerts

View-Only Recipients

View-Only Record Management

View-Only Retention Management

Insider Risk Management | Use this role group to manage insider risk management for your organization in a single group. By adding all user accounts for designated administrators, analysts, and investigators, you can configure insider risk management permissions in a single group. This role group contains all the insider risk management permission roles. This is the easiest way to quickly get started with insider risk management and is a good fit for organizations that do not need separate permissions defined for separate groups of users. | Case Management

Insider Risk Management Admin

Insider Risk Management Analysis

Insider Risk Management Investigation

View-Only Case

Insider Risk Management Admins | Use this role group to initially configure insider risk management and later to segregate insider risk administrators into a defined group. Users in this role group can create, read, update, and delete insider risk management policies, global settings, and role group assignments. | Case Management

Insider Risk Management Admin

View-Only Case

Insider Risk Management Analysts | Use this group to assign permissions to users that will act as insider risk case analysts. Users in this role group can access all insider risk management alerts, cases, and notices templates. They cannot access the insider risk Content Explorer. | Case Management

Insider Risk Management Analysis

View-Only Case

Insider Risk Management Auditors | Use this group to assign permissions to users that will audit insider risk management activities. Users in this role group can access the insider risk audit log. | Insider Risk Management Audit
Insider Risk Management Investigators | Use this group to assign permissions to users that will act as insider risk data investigators. Users in this role group can access all insider risk management alerts, cases, notices templates, and the Content Explorer for all cases. | Case Management

Insider Risk Management Investigation

View-Only Case

IRM Contributors | This role group is visible, but is used by background services only. | Insider Risk Management Permanent contribution

Insider Risk Management Temporary contribution

MailFlow Administrator | Members can monitor and view mail flow insights and reports in the Security & Compliance Center. Global admins can add ordinary users to this group, but, if the user isn't a member of the Exchange Admin group, the user will not have access to Exchange admin-related tasks. | View-Only Recipients
Organization Management¹ | Members can control permissions for accessing features in the Security & Compliance Center, and also manage settings for device management, data loss prevention, reports, and preservation.

Users who are not global administrators must be Exchange administrators to see and take action on devices that are managed by Basic Mobility and Security for Microsoft 365 (formerly known as Mobile Device Management or MDM).

Global admins are automatically added as members of this role group.

Audit Logs

Case Management

Compliance Administrator

Compliance Search

Device Management

DLP Compliance Management

Hold

IB Compliance Management

Manage Alerts

Organization Configuration

Quarantine

RecordManagement

Retention Management

Role Management

Search And Purge

Security Administrator

Security Reader

Sensitivity Label Administrator

Sensitivity Label Reader

Service Assurance View

Tag Contributor

Tag Manager

Tag Reader

View-Only Audit Logs

View-Only Device Management

View-Only DLP Compliance Management

View-Only IB Compliance Management

View-Only Case

View-Only Manage Alerts

View-Only Recipients

View-Only Record Management

View-Only Retention Management

Quarantine Administrator | Members can access all Quarantine actions. For more information, see Manage quarantined messages and files as an admin in EOP. | Quarantine
Records Management | Members can configure all aspects of records management, including retention labels and disposition reviews. | Disposition Management

RecordManagement

Retention Management

Reviewer | Members can access review sets in Advanced eDiscovery cases. Members of this role group can see and open the list of cases on the eDiscovery > Advanced page in the Microsoft 365 compliance center that they're members of. After the user accesses an Advanced eDiscovery case, they can select Review sets to access case data. This role doesn't allow the user to preview the results of a collection search that's associated with the case or do other search or case management tasks. Members of this role group can only access the data in a review set. | Review
Security Administrator | Members have access to a number of security features of Identity Protection Center, Privileged Identity Management, Monitor Microsoft 365 Service Health, and Security & Compliance Center.

By default, this role group may not appear to have any members. However, the Security Administrator role from Azure Active Directory is assigned to this role group. Therefore, this role group inherits the capabilities and membership of the Security Administrator role from Azure Active Directory.

To manage permissions centrally, add and remove group members in the Azure Active Directory admin center. For more information, see Administrator role permissions in Azure Active Directory. If you edit this role group in the Security & Compliance Center (membership or roles), those changes apply only to the Security & Compliance Center and not to any other services.

This role group includes all of the read-only permissions of the Security reader role, plus a number of additional administrative permissions for the same services: Azure Information Protection, Identity Protection Center, Privileged Identity Management, Monitor Microsoft 365 Service Health, and Security & Compliance Center.

Audit Logs

Device Management

DLP Compliance Management

IB Compliance Management

Manage Alerts

Quarantine

Security Administrator

Sensitivity Label Administrator

Tag Contributor

Tag Manager

Tag Reader

View-Only Audit Logs

View-Only Device Management

View-Only DLP Compliance Management

View-Only IB Compliance Management

View-Only Manage Alerts

Security Operator | Members can manage security alerts, and also view reports and settings of security features. | Compliance Search

Manage Alerts

Security Reader

Tag Contributor

Tag Reader

View-Only Audit Logs

View-Only Device Management

View-Only DLP Compliance Management

View-Only IB Compliance Management

View-Only Manage Alerts

Security Reader | Members have read-only access to a number of security features of Identity Protection Center, Privileged Identity Management, Monitor Microsoft 365 Service Health, and Security & Compliance Center.

By default, this role group may not appear to have any members. However, the Security Reader role from Azure Active Directory is assigned to this role group. Therefore, this role group inherits the capabilities and membership of the Security Reader role from Azure Active Directory.

To manage permissions centrally, add and remove group members in the Azure Active Directory admin center. For more information, see Administrator role permissions in Azure Active Directory. If you edit this role group in the Security & Compliance Center (membership or roles), those changes apply only to the Security & Compliance Center and not to any other services.

Security Reader

Sensitivity Label Reader

Tag Reader

View-Only Device Management

View-Only DLP Compliance Management

View-Only IB Compliance Management

View-Only Manage Alerts

Service Assurance User | Members can access the Service assurance section in the Security & Compliance Center. Service assurance provides reports and documents that describe Microsoft's security practices for customer data that's stored in Microsoft 365. It also provides independent third-party audit reports on Microsoft 365. For more information, see Service assurance in the Security & Compliance Center. | Service Assurance View
Supervisory Review | Members can create and manage the policies that define which communications are subject to review in an organization. For more information, see Configure communication compliance policies for your organization. | Supervisory Review Administrator

Note

¹ This role group doesn't assign members the permissions necessary to search the audit log or to use any reports that might include Exchange data, such as the DLP or Defender for Office 365 reports. To search the audit log or to view all reports, a user has to be assigned permissions in Exchange Online. This is because the underlying cmdlet used to search the audit log is an Exchange Online cmdlet. Global admins can search the audit log and view all reports because they're automatically added as members of the Organization Management role group in Exchange Online. For more information, see Search the audit log in the Security & Compliance Center.
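
The table above can be used to pick the narrowest default role group for a task before adding a member. The following is an added example, not part of the original page: it copies a few rows of the table, and the function names, the ranking by number of surplus roles, and the SENSITIVE set are assumptions made for illustration.

```python
"""Least-privilege check over a subset of the default role groups listed above."""

# Default role assignments copied from the role group table on this page
# (only some rows are included; extend the dictionary with the others as needed).
ROLE_GROUPS = {
    "Compliance Administrator": {
        "Case Management", "Compliance Administrator", "Compliance Search",
        "Data Classification Feedback Provider",
        "Data Classification Feedback Reviewer", "Device Management",
        "Disposition Management", "DLP Compliance Management", "Hold",
        "IB Compliance Management", "Manage Alerts",
        "Organization Configuration", "RecordManagement",
        "Retention Management", "View-Only Audit Logs", "View-Only Case",
        "View-Only Device Management", "View-Only DLP Compliance Management",
        "View-Only IB Compliance Management", "View-Only Manage Alerts",
        "View-Only Recipients", "View-Only Record Management",
        "View-Only Retention Management",
    },
    "eDiscovery Manager": {
        "Case Management", "Communication", "Compliance Search", "Custodian",
        "Export", "Hold", "Preview", "Review", "RMS Decrypt",
    },
    "Security Operator": {
        "Compliance Search", "Manage Alerts", "Security Reader",
        "Tag Contributor", "Tag Reader", "View-Only Audit Logs",
        "View-Only Device Management", "View-Only DLP Compliance Management",
        "View-Only IB Compliance Management", "View-Only Manage Alerts",
    },
    "Records Management": {
        "Disposition Management", "RecordManagement", "Retention Management",
    },
    "Quarantine Administrator": {"Quarantine"},
    "Reviewer": {"Review"},
}

# Assumption for this example: roles that release or decrypt content are
# called out separately when they come along as surplus.
SENSITIVE = {"Export", "RMS Decrypt"}


def effective_roles(memberships):
    """Union of the roles granted by every role group a user belongs to."""
    unknown = [g for g in memberships if g not in ROLE_GROUPS]
    if unknown:
        raise KeyError(f"unknown role group(s): {unknown}")
    roles = set()
    for group in memberships:
        roles |= ROLE_GROUPS[group]
    return roles


def narrowest_groups(required):
    """Role groups that cover all required roles, fewest surplus roles first."""
    required = set(required)
    candidates = []
    for name, roles in ROLE_GROUPS.items():
        if required <= roles:
            excess = roles - required
            candidates.append({
                "group": name,
                "excess": sorted(excess),
                "sensitive_excess": sorted(excess & SENSITIVE),
            })
    candidates.sort(key=lambda c: (len(c["excess"]), c["group"]))
    return candidates


def excess_roles(memberships, required):
    """Roles a user holds through their memberships but does not need."""
    return sorted(effective_roles(memberships) - set(required))


if __name__ == "__main__":
    # Someone who must search mailboxes and place holds, nothing else.
    for c in narrowest_groups({"Compliance Search", "Hold"}):
        print(f'{c["group"]}: {len(c["excess"])} surplus role(s), '
              f'sensitive: {c["sensitive_excess"] or "none"}')
```

The group with the fewest surplus roles is not automatically the safest choice: for a search-and-hold task the smallest match also grants Export and RMS Decrypt, which is the kind of trade-off the report makes visible.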

Roles in the Security & Compliance Center

The following table lists the available roles and the role groups that they're assigned to by default.

Note that the following roles aren't assigned to the Organization Management role group by default:

  • Attack Simulator Admin
  • Attack Simulator Payload Author
  • Communication
  • Communication Compliance Admin
  • Communication Compliance Analysis
  • Communication Compliance Case Management
  • Communication Compliance Investigation
  • Communication Compliance Viewer
  • Compliance Manager Administration
  • Compliance Manager Assessment
  • Compliance Manager Contribution
  • Compliance Manager Reader
  • Custodian
  • Data Classification Content Viewer
  • Data Classification Feedback Provider
  • Data Classification Feedback Reviewer
  • Data Classification List Viewer
  • Disposition Management
  • Export
  • Insider Risk Management Admin
  • Insider Risk Management Analysis
  • Insider Risk Management Audit
  • Insider Risk Management Investigation
  • Insider Risk Management Permanent contribution
  • Insider Risk Management Temporary contribution
  • Preview
  • Review
  • RMS Decrypt
  • Supervisory Review Administrator




Role | Description | Default role group assignments
Attack Simulator Admin | Used to create and manage all aspects of attack simulation campaigns.
Attack Simulator Payload Author | Used to create and manage attack payloads that can be deployed by attack simulator administrator.
Audit Logs | Turn on and configure auditing for the organization, view the organization's audit reports, and then export these reports to a file. | Organization Management

Security Administrator

Case Management | Create, edit, delete, and control access to eDiscovery cases. | Communication Compliance

Communication Compliance Investigators

Compliance Administrator

eDiscovery Manager

Insider Risk Management

Insider Risk Management Admins

Insider Risk Management Analysts

Insider Risk Management Investigators

Organization Management

Communication | Manage all communications with the custodians identified in an Advanced eDiscovery case. Create hold notifications, hold reminders, and escalations to management. Track custodian acknowledgment of hold notifications and manage access to the custodian portal that is used by each custodian in a case to track communications for the cases where they were identified as a custodian. | eDiscovery Manager
Communication Compliance Admin | Used to manage policies in the Communication Compliance feature. | Communication Compliance

Communication Compliance Administrators

Communication Compliance Analysis | Used to perform investigation, remediation of the message violations in the Communication Compliance feature. Can only view message meta data. | Communication Compliance

Communication Compliance Analysts

Communication Compliance Investigators

Communication Compliance Case Management | Used to access Communication Compliance cases. | Communication Compliance

Communication Compliance Administrators

Communication Compliance Analysts

Communication Compliance Investigators

Communication Compliance Viewers

Communication Compliance Investigation | Used to perform investigation, remediation, and review message violations in the Communication Compliance feature. Can view message meta data and message. | Communication Compliance

Communication Compliance Investigators

Communication Compliance Viewer | Used to access reports and widgets in the Communication Compliance feature. | Communication Compliance

Communication Compliance Viewers

Compliance Administrator | View and edit settings and reports for compliance features. | Compliance Administrator

Compliance Data Administrator

Organization Management

Compliance Manager Administration | Manage template creation and modification. | Compliance Manager Administrators
Compliance Manager Assessment | Create assessments, implement improvement actions, and update test status for improvement actions. | Compliance Manager Administrators

Compliance Manager Assessors

Compliance Manager Contribution | Create assessments and perform work to implement improvement actions. | Compliance Manager Administrators

Compliance Manager Assessors

Compliance Manager Contributors

Compliance Manager Reader | View all Compliance Manager content except for administrator functions. | Compliance Manager Administrators

Compliance Manager Assessors

Compliance Manager Contributors

Compliance Manager Readers

Compliance Search | Perform searches across mailboxes and get an estimate of the results. | Compliance Administrator

Compliance Data Administrator

eDiscovery Manager

Organization Management

Security Operator

Custodian | Identify and manage custodians for Advanced eDiscovery cases and use the information from Azure Active Directory and other sources to find data sources associated with custodians. Associate other data sources such as mailboxes, SharePoint sites, and Teams with custodians in a case. Place a legal hold on the data sources associated with custodians to preserve content in the context of a case. | eDiscovery Manager
Data Classification Content Viewer | View in-place rendering of files in Content explorer. | Content Explorer Content Viewer
Data Classification Feedback Provider | Allows providing feedback to classifiers in content explorer. | Communication Compliance

Communication Compliance Investigators

Compliance Administrator

Data Classification Feedback Reviewer | Allows reviewing feedback from classifiers in feedback explorer. | Compliance Administrator
Data Classification List Viewer | View the list of files in content explorer. | Content Explorer List Viewer
Device Management | View and edit settings and reports for device management features. | Compliance Administrator

Compliance Data Administrator

Organization Management

Security Administrator

Disposition Management | Control permissions for accessing Manual Disposition in the Security & Compliance Center. | Compliance Administrator

Compliance Data Administrator

Records Management

DLP Compliance Management | View and edit settings and reports for data loss prevention (DLP) policies. | Compliance Administrator

Compliance Data Administrator

Organization Management

Security Administrator

Export | Export mailbox and site content that's returned from searches. | eDiscovery Manager
Hold | Place content in mailboxes, sites, and public folders on hold. When on hold, a copy of the content is stored in a secure location. Content owners will still be able to modify or delete the original content. | Compliance Administrator

eDiscovery Manager

Organization Management

IB Compliance Management | View, create, remove, modify, and test Information Barrier policies. | Compliance Administrator

Compliance Data Administrator

Organization Management

Security Administrator

| Insider Risk Management Admin | Create, edit, delete, and control access to the Insider Risk Management feature. | Insider Risk Management, Insider Risk Management Admins |
| Insider Risk Management Analysis | Access all insider risk management alerts, cases, and notices templates. | Insider Risk Management, Insider Risk Management Analysts |
| Insider Risk Management Audit | Allow viewing Insider Risk audit trails. | Insider Risk Management Auditors |
| Insider Risk Management Investigation | Access all insider risk management alerts, cases, notices templates, and the Content Explorer for all cases. | Insider Risk Management, Insider Risk Management Investigators |
| Insider Risk Management Permanent contribution | This role group is visible, but is used by background services only. | IRM Contributors |
| Insider Risk Management Temporary contribution | This role group is visible, but is used by background services only. | IRM Contributors |
| Manage Alerts | View and edit settings and reports for alerts. | Compliance Administrator, Compliance Data Administrator, Organization Management, Security Administrator, Security Operator |
| Organization Configuration | Run, view, and export audit reports and manage compliance policies for DLP, devices, and preservation. | Compliance Administrator, Compliance Data Administrator, Organization Management |
| Preview | View a list of items that are returned from content searches, and open each item from the list to view its contents. | eDiscovery Manager |
| Quarantine | Allows viewing and releasing quarantined email. | Quarantine Administrator, Security Administrator, Organization Management |
| RecordManagement | View and edit the configuration of the records management feature. | Compliance Administrator, Compliance Data Administrator, Organization Management, Records Management |
| Retention Management | Manage retention policies, retention labels, and retention label policies. | Compliance Administrator, Compliance Data Administrator, Organization Management, Records Management |
| Review | This role lets users access review sets in Advanced eDiscovery cases. Users who are assigned this role can see and open the list of cases on the eDiscovery > Advanced page in the Microsoft 365 compliance center that they're members of. After the user accesses an Advanced eDiscovery case, they can select Review sets to access case data. This role doesn't allow the user to preview the results of a collection search that's associated with the case or do other search or case management tasks. Users with this role can only access the data in a review set. | eDiscovery Manager, Reviewer |
| RMS Decrypt | Decrypt RMS-protected content when exporting search results. | eDiscovery Manager |
| Role Management | Manage role group membership and create or delete custom role groups. | Organization Management |
| Search And Purge | Lets people bulk-remove data that matches the criteria of a content search. | Organization Management |
| Security Administrator | View and edit the configuration and reports for Security features. | Organization Management, Security Administrator |
| Security Reader | View the configuration and reports for Security features. | Global Reader, Organization Management, Security Operator, Security Reader |
| Sensitivity Label Administrator | View, create, modify, and remove sensitivity labels. | Compliance Data Administrator, Organization Management, Security Administrator |
| Sensitivity Label Reader | View the configuration and usage of sensitivity labels. | Global Reader, Organization Management, Security Reader |
| Service Assurance View | Download the available documents from the Service Assurance section. Content includes independent auditing, compliance documentation, and trust-related guidance for using Microsoft 365 features to manage regulatory compliance and security risks. | Global Reader, Organization Management, Service Assurance User |
| Supervisory Review Administrator | Manage supervisory review policies, including which communications to review and who should do the review. | Supervisory Review |
| Tag Contributor | View and update membership of existing user tags. | Organization Management, Security Administrator, Security Operator |
| Tag Manager | View, update, create, and delete user tags. | Organization Management, Security Administrator |
| Tag Reader | Read-only access to existing user tags. | Security Reader |
| View-Only Audit Logs | View and export audit reports. Because these reports might contain sensitive information, you should only assign this role to people with an explicit need to view this information. | Compliance Administrator, Compliance Data Administrator, Global Reader, Organization Management, Security Administrator, Security Operator |
| View-Only Case | | Communication Compliance, Communication Compliance Investigators, Compliance Administrator, Insider Risk Management, Insider Risk Management Admins, Insider Risk Management Analysts, Insider Risk Management Investigators, Organization Management |
| View-Only Device Management | View the configuration and reports for the Device Management feature. | Compliance Administrator, Compliance Data Administrator, Global Reader, Organization Management, Security Administrator, Security Operator, Security Reader |
| View-Only DLP Compliance Management | View the settings and reports for data loss prevention (DLP) policies. | Compliance Administrator, Compliance Data Administrator, Global Reader, Organization Management, Security Administrator, Security Operator, Security Reader |
| View-Only IB Compliance Management | View the configuration and reports for the Information Barriers feature. | Compliance Administrator, Compliance Data Administrator, Global Reader, Organization Management, Security Administrator, Security Operator, Security Reader |
| View-Only Manage Alerts | View the configuration and reports for the Manage Alerts feature. | Compliance Administrator, Compliance Data Administrator, Global Reader, Organization Management, Security Administrator, Security Operator, Security Reader |
| View-Only Recipients | View information about users and groups. | Compliance Administrator, Compliance Data Administrator, Global Reader, MailFlow Administrator, Organization Management |
| View-Only Record Management | View the configuration of the records management feature. | Compliance Administrator, Compliance Data Administrator, Global Reader, Organization Management |
| View-Only Retention Management | View the configuration of retention policies, retention labels, and retention label policies. | Compliance Administrator, Compliance Data Administrator, Global Administrator, Organization Management |