Company Admins can grant themselves and others additional admin roles once Enterprise Guard is enabled. As a result, the number of Company Admins in your organization should be kept to a minimum. Carefully consider your existing admin configuration and move Company Admins to other roles (such as team or user admin) when appropriate to balance security, compliance, and operational efficiency.
Although recommended, a holistic reevaluation of your admin configuration is not required to deploy Enterprise Guard. Move on to Part 2: Deploy Data Security at your discretion.
Miro admin roles overview
Here’s a list of available admin roles in Miro including a description of responsibilities and who they are suitable for in a typical organization.
✏️ Notes:
- This is an evolving list of roles and privileges. Check this page periodically for updates.
- To assign the Data Governance Admin or Sensitive Content Admin role to a user, you must be a Company Admin.
| Admin role | Responsibilities | Recommended for |
| Company Admins | Responsible for overarching management and delegating specific responsibilities to other admin roles. Should have a broad understanding of the organization's operational needs and compliance obligations. |
|
| Team Admins | Manage team-specific settings and user access within their respective teams. Ensures team autonomy while aligning with broader organizational policies. |
|
| User Admins | Handle user management and licensing. Ideal for managing employee access and accounts. Efficiently manage users without overburdening Company or Team Admins. |
|
| Data Governance Admins (Enterprise Guard) | Responsible for compliance and data governance. Should understand the legal and regulatory landscape relevant to the organization's data, including the organization's retention and disposition policies. |
|
| eDiscovery Admins (Enterprise Guard) | Manage legal hold settings to preserve boards relevant to ongoing investigations or legal cases. This includes creating, modifying, and releasing legal holds or cases to prevent the permanent deletion of content, ensuring compliance with legal and regulatory obligations. This role is crucial for organizations requiring stringent data preservation to support legal proceedings and compliance mandates. |
|
| Sensitive Content Admins (Enterprise Guard) | Responsible for data protection and privacy. Crucial in classifying, managing, and safeguarding sensitive information across the organization. Important for handling PII, PHI, PCI, or intellectual property. |
|
💡 Learn more about admin roles and their privileges in the Enterprise Plan.
Detailed Enterprise Guard privilege and admin role matrix
The following table lists the detailed privileges and admin role matrix for each feature.
| Content lifecycle management | |||
| Privilege | Data Governance Admin |
Sensitive Content Admin |
eDiscovery Admin |
|
View trash settings |
✅ | ❌ | ❌ |
|
Edit trash settings |
✅ | ❌ | ❌ |
|
Add retention policy |
✅ | ❌ | ❌ |
|
Edit retention policy |
✅ | ❌ | ❌ |
|
Delete retention policy |
✅ | ❌ | ❌ |
|
Add disposition policy |
✅ | ❌ | ❌ |
|
Edit disposition policy |
✅ | ❌ | ❌ |
|
Delete disposition policy |
✅ | ❌ | ❌ |
| Data classification | |||
| Privilege | Data Governance Admin | Sensitive Content Admin |
eDiscovery Admin |
|
View data classification settings |
❌ | ✅ | ❌ |
|
Edit classification levels |
❌ | ✅ | ❌ |
|
Edit auto-classification settings |
❌ | ✅ | ❌ |
|
Edit classification guardrails settings |
❌ | ✅ | ❌ |
|
Edit default classification level |
❌ | ✅ | ❌ |
| Data discovery | |||
| Privilege | Data Governance Admin | Sensitive Content Admin | eDiscovery Admin |
|
View privacy labels |
❌ | ✅ | ❌ |
|
Turn privacy data detection on/off |
❌ | ✅ | ❌ |
|
View count of matches - privacy labels |
❌ | ✅ | ❌ |
|
View redacted matches - privacy labels |
❌ | ✅ | ❌ |
|
View full matches - privacy labels |
❌ | ✅ | ❌ |
| eDiscovery | |||
| Privilege | Data Governance Admin | Sensitive Content Admin | eDiscovery Admin |
|
Manage legal hold settings |
❌ | ❌ | ✅ |
|
View legal hold settings |
❌ | ❌ | ✅ |
Table 2: Detailed privileges and admin role matrix for each feature
Transitioning your admin configuration
Audit your current admin configuration
Review the list of users who have admin rights in Miro and their responsibilities. Use the Admin Configuration Assessment Tool to generate a summary of the current state.
- Filter the list of users from the Active users section of Company settings to view Company Admins.
- View the list of User Admins, Data Governance Admins, and Sensitive Content Admins using the Admin role section of the Company settings.
Map a new admin configuration
Compare your current admin configuration against the table above and your company policies. Use the Admin Configuration Assessment Tool to generate a new configuration.
Consider questions such as:
- Who needs the Data Governance role?
- Who needs the Sensitive Content role?
- Which Company Admins can be transitioned to User Admins?
- Which Company Admins can be transitioned to Team Admins?
Reassign roles and inform users
The Help Center articles below show how to assign the various roles. For your convenience, customize the provided email templates to inform users of transitions.
- How to assign Company Admins and Team Admins
- How to assign User Admins, Data Governance Admins, and Sensitive Content Admins
Assign the Data Governance Admin role
✏️ To assign the Data Governance Admin role to a user, you must be a Company Admin.
- Go to your profile settings.
- From a board: Main menu > Preferences > Profile settings.
- From the dashboard: click your avatar in the top-right corner and click Settings.
- From the URL https://miro.com/app/settings: Choose your Company from the list in the top-left corner. - Under User management, click Admin roles.
- On the right pane, click the Data Governance Admin ellipsis (…), and then select Assign role.
- Choose the user to whom you want to assign the Data Governance Admin role to, scroll to the bottom of the window, and then click Assign.
Assign the Sensitive Content Admin role
✏️ To assign the Sensitive Content Admin role to a user, you must be a Company Admin.
- Go to your profile settings.
- From a board: Main menu > Preferences > Profile settings.
- From the dashboard: click your avatar in the top-right corner and click Settings.
- From the URL https://miro.com/app/settings: Choose your Company from the list in the top-left corner. - Under User management, click Admin roles.
- On the right pane, click the Sensitive Content Admin ellipsis (…), and then select Assign role.
- Choose the user to whom you want to assign the Sensitive Content Admin role to, scroll to the bottom of the window, and then click Assign.
Assign the eDiscovery Admin role
✏️ To assign the eDiscovery Admin role to a user, you must be a Company Admin.
- Go to your profile settings.
- From a board: Main menu > Preferences > Profile settings.
- From the dashboard: click your avatar in the top-right corner and click Settings.
- From the URL https://miro.com/app/settings: Choose your Company from the list in the top-left corner. - Under User management, click Admin roles.
- On the right pane, click the eDiscovery Admin ellipsis (…), and then select Assign role.
- Choose the user to whom you want to assign the eDiscovery Admin role to, scroll to the bottom of the window, and then click Assign.
Resources
- Admin Configuration Assessment Tool (make a copy)
- Email Templates | Admin Configuration Communications (make a copy)