Microsoft Purview · DSPM (Preview)

DSPM Viewer (Preview)

[Preview] View-only access to the unified Data Security Posture Management dashboards, reports, objectives, and data risk assessments. Uses Security Reader role group — does NOT require classic Data Security Viewer role.

Scope: Organization-wide read-only access to DSPM (Preview) dashboards, reports, and objectives. Cannot create policies, complete actions, or modify settings.

Permissions

  • Posture Dashboard - View key posture metrics, data snapshot, and posture trends chart
  • Objectives - View all data security objectives and their current status
  • Remediation Plans - View remediation plan details and completion status for objectives
  • Recommendations - View all recommendation cards (cannot complete actions)
  • Reports - View all graphs from the Reports page
  • Policy List - View DLP and Information Protection policies (excludes IRM and Comm Compliance policies)
  • Activity Explorer - View events in Activity Explorer (AI activities and all activity types, excludes IRM events)
  • Data Risk Assessments - View existing data risk assessments (cannot create)
  • AI Observability - View Apps and agents page showing AI app usage
  • Risk Patterns - View risk patterns and posture trends
  • Setup Steps - View all getting started steps and their completion status (excludes Audit and Extend Insights status)

Common use cases

  • Executive leadership monitoring organizational data security posture for reporting
  • Security managers generating compliance metrics and trend reports
  • Audit committee members reviewing data protection program effectiveness
  • External auditors assessing DSPM implementation during compliance reviews
  • Risk management teams monitoring data security risk exposure
  • Business unit leaders tracking data security metrics for their departments
  • Security consultants reviewing DSPM configuration and posture
  • Privacy officers monitoring data protection trends and policy coverage
  • SOC analysts monitoring DSPM dashboards without configuration access

Best practices

  • Use for executive dashboards and compliance reporting to leadership and board
  • Generate regular DSPM reports showing data security posture trends over time
  • Review objective progress and remediation plan completion for program health
  • Monitor risk patterns to identify emerging data security issues
  • Export report data for custom Power BI dashboards and executive presentations
  • Coordinate with DSPM Full Access holders to recommend improvements
  • Track policy coverage metrics against organizational security requirements
  • Monitor AI observability for new AI apps and agent usage patterns
  • Review data risk assessments to understand oversharing risk landscape

Security considerations

  • Read-only access - cannot create policies or modify settings, lowest risk DSPM role
  • Cannot view IRM policies or Communication Compliance policies without additional roles
  • Cannot view Audit activation status or Extend Insights status
  • Cannot view Security Copilot insights (requires Data Security Viewer role)
  • Safe for external auditors and oversight functions with minimal privacy impact
  • Report data may reveal organizational security gaps - handle appropriately
  • AI observability shows organizational AI adoption patterns - may be business-sensitive

Official Microsoft Learn documentation →

Open the interactive RBACMap →