Microsoft Purview · DSPM (Preview)
DSPM Viewer (Preview)
[Preview] View-only access to the unified Data Security Posture Management dashboards, reports, objectives, and data risk assessments. Uses Security Reader role group — does NOT require classic Data Security Viewer role.
Scope: Organization-wide read-only access to DSPM (Preview) dashboards, reports, and objectives. Cannot create policies, complete actions, or modify settings.
Permissions
- Posture Dashboard - View key posture metrics, data snapshot, and posture trends chart
- Objectives - View all data security objectives and their current status
- Remediation Plans - View remediation plan details and completion status for objectives
- Recommendations - View all recommendation cards (cannot complete actions)
- Reports - View all graphs from the Reports page
- Policy List - View DLP and Information Protection policies (excludes IRM and Comm Compliance policies)
- Activity Explorer - View events in Activity Explorer (AI activities and all activity types, excludes IRM events)
- Data Risk Assessments - View existing data risk assessments (cannot create)
- AI Observability - View Apps and agents page showing AI app usage
- Risk Patterns - View risk patterns and posture trends
- Setup Steps - View all getting started steps and their completion status (excludes Audit and Extend Insights status)
Common use cases
- Executive leadership monitoring organizational data security posture for reporting
- Security managers generating compliance metrics and trend reports
- Audit committee members reviewing data protection program effectiveness
- External auditors assessing DSPM implementation during compliance reviews
- Risk management teams monitoring data security risk exposure
- Business unit leaders tracking data security metrics for their departments
- Security consultants reviewing DSPM configuration and posture
- Privacy officers monitoring data protection trends and policy coverage
- SOC analysts monitoring DSPM dashboards without configuration access
Best practices
- Use for executive dashboards and compliance reporting to leadership and board
- Generate regular DSPM reports showing data security posture trends over time
- Review objective progress and remediation plan completion for program health
- Monitor risk patterns to identify emerging data security issues
- Export report data for custom Power BI dashboards and executive presentations
- Coordinate with DSPM Full Access holders to recommend improvements
- Track policy coverage metrics against organizational security requirements
- Monitor AI observability for new AI apps and agent usage patterns
- Review data risk assessments to understand oversharing risk landscape
Security considerations
- Read-only access - cannot create policies or modify settings, lowest risk DSPM role
- Cannot view IRM policies or Communication Compliance policies without additional roles
- Cannot view Audit activation status or Extend Insights status
- Cannot view Security Copilot insights (requires Data Security Viewer role)
- Safe for external auditors and oversight functions with minimal privacy impact
- Report data may reveal organizational security gaps - handle appropriately
- AI observability shows organizational AI adoption patterns - may be business-sensitive
Common questions
When should I assign the DSPM Viewer (Preview) role?
Assign DSPM Viewer (Preview) when you need to: Executive leadership monitoring organizational data security posture for reporting; Security managers generating compliance metrics and trend reports; Audit committee members reviewing data protection program effectiveness; External auditors assessing DSPM implementation during compliance reviews; and Risk management teams monitoring data security risk exposure. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the DSPM Viewer (Preview) role do?
The DSPM Viewer (Preview) role grants permissions including: Posture Dashboard - View key posture metrics, data snapshot, and posture trends chart; Objectives - View all data security objectives and their current status; Remediation Plans - View remediation plan details and completion status for objectives; Recommendations - View all recommendation cards (cannot complete actions); Reports - View all graphs from the Reports page; and Policy List - View DLP and Information Protection policies (excludes IRM and Comm Compliance policies). See the Permissions section above for the full list.
What are the security risks of the DSPM Viewer (Preview) role?
Key considerations when assigning DSPM Viewer (Preview): Read-only access - cannot create policies or modify settings, lowest risk DSPM role; Cannot view IRM policies or Communication Compliance policies without additional roles; Cannot view Audit activation status or Extend Insights status; and Cannot view Security Copilot insights (requires Data Security Viewer role). Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.