Reports reader role

Question

Hi,

Just to clarify , apart for user can we assign "Report reader" role apart to Resource Group or VM (VM is assigned with system assigned managed identity)

@SadiqhAhmed-MSFT

regards,
Furqhan

Answer 1

@Mohammed Furqhan A
Thank you for your post!

Assigning the Report Reader built-in role to a Resource Group or VM isn't possible, because the Report Reader is currently an Azure AD role-based access control (RBAC) role.

Azure AD RBAC:
Azure AD built-in and custom roles operate on concepts similar to Azure RBAC. However, The difference between these two role-based access control systems are:

• Azure AD RBAC roles control access to Azure AD resources such as users, groups, and applications using the Microsoft Graph API
• Azure RBAC roles control access to Azure resources such as virtual machines or storage using Azure Resource Management

Azure AD RBAC Scope

Azure RBAC:
Azure RBAC is an authorization system built on Azure Resource Manager (ARM) that provides fine-grained access management of Azure resources.

Azure RBAC Scope

Additional 3rd party Link:
Difference Between Azure AD Roles And Role-Based Access Control (RBAC)

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Answer 2

If someone has a Microsoft 365 subscription.
From the Microsoft 365 admin center, you create a new user,then you plan to assign the Reports reader role to the user.
For someone view the permissions of the Reports reader role.
Which admin center should one use? AAD or M365 ?

Regards,
Joseph Kilonzo
jkilonzo.jk@Stuff .com