Microsoft Purview · DSPM (Classic)
Data Security Viewer
Read-only access to DSPM dashboard insights, analytics, and Security Copilot for viewing data security posture without policy modification or investigation.
Scope: Read-only DSPM dashboard, analytics, and Security Copilot access for oversight and reporting
Permissions
- View Data Security Posture Management (DSPM) dashboard insights and reports
- Use Microsoft Security Copilot for Security to view detailed DSPM information and AI-powered analysis
- Access DSPM analytics trends showing sensitivity label usage and DLP policy coverage
- View data security recommendations (cannot create policies)
- Review unprotected sensitive assets reports and risk visualization
- Monitor risky user behavior trends and data movement patterns
- Access DSPM reports on data security posture over time
- View top data security risks and vulnerabilities across organization
- Use Security Copilot promptbooks for read-only investigation and risk identification
- Review sensitivity label application coverage and classification effectiveness
- View DLP policy effectiveness metrics and gap analysis
- Monitor Insider Risk Management alert volumes and trends
- Access aggregate analytics without individual user investigation access
Common use cases
- Executive leadership monitoring overall data security posture for board reporting
- Security managers generating compliance metrics and trend reports for leadership
- Audit committee members reviewing data protection program effectiveness
- External auditors assessing DSPM implementation and coverage during compliance reviews
- Risk management teams monitoring organizational data security risk exposure
- Compliance reporting specialists creating regulatory compliance documentation
- Business unit leaders tracking data security metrics for their departments
- Security consultants reviewing DSPM configuration and recommendations
- Privacy officers monitoring data protection trends and unprotected asset reduction
- Program managers tracking data security initiative progress and ROI
- SOC analysts using Security Copilot for read-only threat intelligence without investigation
- Internal auditors verifying data security controls and policy coverage
- Management dashboards displaying real-time data security posture to stakeholders
Best practices
- Use for executive dashboards and governance reporting to leadership and board
- Generate regular DSPM reports showing data security posture improvement trends
- Use Security Copilot to explore top data security risks and recommended actions
- Monitor unprotected sensitive assets trends to measure policy effectiveness
- Track sensitivity label usage and DLP policy coverage metrics for maturity assessment
- Review risky user behavior trends to identify training needs or process gaps
- Export DSPM analytics for custom Power BI dashboards and executive presentations
- Share aggregate data security metrics while protecting individual user privacy
- Benchmark DSPM metrics against industry standards and best practices
- Coordinate with Data Security Management role holders to recommend improvements
- Use DSPM reports for quarterly compliance board updates and audit documentation
- Monitor DSPM recommendation trends to understand evolving organizational risk patterns
- Leverage Security Copilot promptbooks to quickly understand complex data security issues
- Track data security posture changes over time to demonstrate program value and ROI
Security considerations
- Cannot create policies, investigate users, or access Content Explorer - minimal privacy risk
- Read-only access to aggregate data and trends only - safe for broad executive access
- Security Copilot access provides AI-powered insights without investigation capabilities
- Lowest risk DSPM role - appropriate for external auditors and oversight functions
- Cannot view individual user activities or file content - maintains privacy boundaries
- DSPM dashboard may reveal organizational data security gaps and vulnerabilities
- Recommendation visibility shows potential policy weaknesses - protect from unauthorized disclosure
- Analytics trends may indirectly indicate business-sensitive activities or risk areas
- Security Copilot responses based on DSPM data - ensure appropriate use of AI insights
- Export capabilities should be monitored - reports may contain strategic security information
- Administrative units restrictions may limit DSPM visibility - verify permissions
Common questions
When should I assign the Data Security Viewer role?
Assign Data Security Viewer when you need to: Executive leadership monitoring overall data security posture for board reporting; Security managers generating compliance metrics and trend reports for leadership; Audit committee members reviewing data protection program effectiveness; External auditors assessing DSPM implementation and coverage during compliance reviews; and Risk management teams monitoring organizational data security risk exposure. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the Data Security Viewer role do?
The Data Security Viewer role grants permissions including: View Data Security Posture Management (DSPM) dashboard insights and reports; Use Microsoft Security Copilot for Security to view detailed DSPM information and AI-powered analysis; Access DSPM analytics trends showing sensitivity label usage and DLP policy coverage; View data security recommendations (cannot create policies); Review unprotected sensitive assets reports and risk visualization; and Monitor risky user behavior trends and data movement patterns. See the Permissions section above for the full list.
What are the security risks of the Data Security Viewer role?
Key considerations when assigning Data Security Viewer: Cannot create policies, investigate users, or access Content Explorer - minimal privacy risk; Read-only access to aggregate data and trends only - safe for broad executive access; Security Copilot access provides AI-powered insights without investigation capabilities; and Lowest risk DSPM role - appropriate for external auditors and oversight functions. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.