Microsoft Purview · Records Management

View-Only Records Management

Read-only access to records management features for auditing, compliance reporting, and oversight without modification permissions.

Scope: Read-only access to all records management features across entire organization for audit and oversight

Permissions

  • File Plan - View file plan with all retention labels, schedules, and regulatory metadata
  • Reports - Access comprehensive records management reports and analytics dashboards
  • Disposition Queue - View disposition review queue, status, and history without approval permissions
  • Configuration - Review records management configuration including event types and auto-apply policies
  • Export - Export reports and analytics for compliance documentation and audit purposes
  • Label Analytics - View retention label analytics: application counts, locations, user vs auto-applied
  • Disposition History - Access disposition history and proof of disposal records for audit trail review
  • Record Versioning - View record versioning settings and locked vs unlocked record status
  • Event-Based Retention - Review event-based retention configuration and triggered events
  • File Plan Descriptors - Monitor file plan descriptor usage (function, category, authority, citation)
  • Regulatory Records - View regulatory record vs standard record configuration and restrictions
  • Tenant Settings - Access tenant-level records management settings (read-only)

Common use cases

  • External auditors reviewing records management program for regulatory compliance assessments
  • Compliance reporting and analytics for management, board, or regulatory submissions
  • Management oversight of records management practices and governance maturity
  • Training new records management staff on current configuration before granting full permissions
  • Legal team review of retention schedules and disposition workflows during litigation prep
  • Third-party consultants assessing records management program effectiveness
  • Internal audit teams verifying adherence to records retention policies and schedules
  • Compliance officers generating evidence for SEC, FINRA, FDA, or other regulatory audits
  • Business unit leaders monitoring records management coverage and label application rates
  • IT teams reviewing technical configuration without risk of accidental changes

Best practices

  • Use for audit and oversight purposes - ideal for external auditors and consultants
  • Generate regular compliance reports for management dashboards and board reporting
  • Monitor disposition review progress to identify potential backlogs or workflow issues
  • Identify gaps in records management coverage by analyzing label application analytics
  • Export file plan periodically for offline review and compliance documentation
  • Review proof of disposal records to verify proper destruction of expired content
  • Compare retention label configuration against regulatory requirements during audits
  • Monitor event-based retention triggers to ensure business processes are properly configured
  • Use analytics to identify over-application or under-application of record labels
  • Verify alignment between file plan descriptors and organizational classification taxonomy
  • Review disposition history to ensure timely processing and approval of retention expirations
  • Coordinate with Records Management role holders to recommend improvements based on observations

Security considerations

  • Cannot make changes - lowest risk records management role for external parties
  • Can view sensitive retention schedules and disposition information - assign carefully
  • Export capabilities should be monitored - may contain confidential retention metadata
  • May view proof of disposal evidence which could be sensitive during litigation
  • File plan export reveals organizational classification and retention strategy
  • Disposition history may reveal sensitive business information about content types
  • Should have data handling agreements for external auditors or consultants
  • Access to retention label analytics may reveal information protection gaps
  • Consider time-limited assignments for external auditors (disable after audit completion)
  • Monitor export activity to ensure compliance with data protection policies

Official Microsoft Learn documentation →

Open the interactive RBACMap →