Forum Discussion
Global Reader Role Creating Retention Policies in Purview Compliance: Bug or Intended Behaviour?
Did you know that a user with the Global Reader role in Purview Compliance can create and edit retention policies? Interestingly, while they can create and modify policies, they cannot delete them.
The expected behaviour for a Global Reader is read-only access across Microsoft 365, without the ability to make any changes, including creating or editing policies.
Has anyone else encountered this, and do you think this is a bug or an intended feature?
- Nadia-Fortini
Microsoft
Thanks for this information VasilMichev. I will pass this information along to the RBAC feature owner.
It's certainly not the expected behavior, but I'm not able to reproduce it. My bet would be that you have some (perhaps purview-specific) other role assigned to the user, besides Global reader. Double-check for that. If you are certain this is not the case and can reproduce the behavior with another user, best report it to Microsoft via support.
In my tests, the Create retention policy button is indeed visible for the user and he can even go through all the steps of the wizard, but pressing the Submit button will result in an error (basically telling you the necessary permissions are missing). It's certainly not a great user experience, but not a security/permissions issue.Perhaps Nadia-Fortini can take a note on this.
