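You need to provide a user with the ability to view data loss prevention (DLP) alerts in the Microsoft Purview portal. The solution must apply the principle of least privilege.
Which role should you assign to the user?
Correct answer: B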
The requirement is:
You need to provide a user with the ability to view DLP alerts in the Microsoft Purview portal. The solution must use the principle of least privilege.
Step 1 - Understanding the roles
Compliance Administrator: Full access to compliance features, including creating/editing policies. This is more than needed (not least privilege).
Compliance Data Administrator: Can manage compliance features and data governance, but still more permissions than required.
Security Operator: Can view and respond to active security incidents and alerts, which is more than just viewing DLP alerts.
Security Reader: Read-only access to security-related features, including viewing DLP alerts, Microsoft Purview alerts, incidents, reports, and recommendations. This matches the requirement precisely.
Step 2 - Microsoft Documentation
Microsoft Learn states:
Security Reader role:
"Can view and investigate security events, reports, and alerts without the ability to make changes."
Reference: Microsoft Entra built-in roles - Security Reader
Step 3 - Apply the principle of least privilege
Since the user only needs to view DLP alerts (not create or manage policies), the Security Reader role is the minimal role with sufficient permissions.