Here are the two principles of Azure RBAC precedence:
Azure RBAC is an additive model, so your effective permissions are the sum of your role assignments. Consider the following example where a user is granted the Contributor role at the subscription scope and the Reader role on a resource group. The sum of the Contributor permissions and the Reader permissions is effectively the Contributor role for the subscription. Therefore, in this case, the Reader role assignment has no impact.
Deny assignments block users from performing specified actions even if a role assignment grants them access. Deny assignments take precedence over role assignments.
In your case, the user will get the Owner role as well as the reader role in the tenant
--please don't forget to upvote
and Accept as answer
if the reply is helpful--