Help Center

Find help articles, support information and more.

Audit Vault for M365 Roles and Permissions

In this guide we provide an overview of the Roles and Permissions in Audit Vault for M365. We also cover the best practices for how to ensure you are managing the roles and user membership over time.

Audit Vault for M365 fully integrates seamlessly with Microsoft 365 (Office 365). Any user in your Organization or Microsoft Tenant can be granted access by being added to a Role Group in this Application. Similar to Microsoft 365 – our application also uses Role Groups to manage access to different functionality.

User and Role Overview

  • Users: Any user within your Microsoft 365 Organization or Tenant.
  • Roles: A group that can contain users. Roles or groups are used to provide access to a specific set of functionality in the application. You would want to add the users to the role / group that you wish those users to possess.

Built-in Role Groups

Every role listed below provides a top-down flow of permissions, meaning the top role has the all of the privileges of the roles below it, and conversely a lower role does not have the same permissions / access of the role above it.

  • Company Administrator:
    • Description:
      • Has full access to all management features in this application
    • Who should be assigned to this role:
      • Assign the Company Administrator role to users who need access to all permissions, features and data across the application. Giving too many users Company Administrator access is a security risk. We recommend that you have between 2 and 4 Company Administrators.
      • Note: The person who signed up for this service was automatically assigned as a Company Administrator. You should evaluate to ensure that person should have that level of access.
    • Access:
      • Manage Company Settings
      • Manage Users
      • Manage Role Assignments
      • Manage Billing
      • And all access from the roles below
  • Tenant Administrator
    • Description:
      • Privileged users who can manage the specified Tenant in this application
    • Who should be assigned to this role:
      • Assign the Tenant Administrator role to users who need access to administer the day-to-day operations of the application. This includes granting users’ access, running reports and reviewing the status of the application. We recommend that you have between 2 and 4 Tenant Administrators.
    • Access
      • Manage Tenant Role Assignments
      • Manage Tenant Settings
      • View, Run, Manage and Delete any Insights Searches that belong to the Tenant
      • And all access from the roles below
  • Tenant Report Readers
    • Description:
      • Can run and view reports, insights searches, and view audit information for the specified Tenant
    • Who should be assigned to this role:
      • Assign the Tenant Report Reader role to users who need access to run and view reports, insight searches, and view audit information for the specified Tenant.
    • Access
      • View and Run Reports
      • View, Run, Manage and Delete your own Insight Searches
      • And all access from the roles below
  • Tenant Viewers
    • Description:
      • Can view Tenant status, and can be used to manage access to SharePoint View Item Audit History Page for the Tenant
    • Who should be assigned to this role:
      • Assign the Tenant Viewer role to users who need access to view App status, and can be used to manage access to SharePoint View Item Audit History Page for the Tenant.
    • Access
      • View Tenant Status, and option for access to the SharePoint View Item Audit History Page for the Tenant

Best Practices

Planning out your permissions and first-use in your organization

  • List out who needs access to which roles in your organization
  • You can simply use the role groups to manage who has access to what for Audit Vault for M365
  • When first setting up Audit Vault for M365 - based on your list, add the appropriate users to the role groups

Periodic review of permissions

  • The Company or Tenant Administrator(s) should perform a review (ex. Quarterly) of your role membership to ensure they are accurate and still valid. Review the role membership and determine if user membership is still valid or have users changed roles and need to be removed or added from a role. Perform updates to role membership as required.

Use care when assigning users to Audit Vault for M365 role groups - as that will effectively grant those users the permissions provided by that role group.

Have Questions? Reach out to support by clicking the button below.

Contact Us »