Azure Global Reader not able to read Entra ID

Celine Yip 0 Reputation points
2024-03-24T14:45:44.6433333+00:00

I just got the Global Reader role for Azure, but when I try to check the detailed configuration of Entra ID (e.g. Activity logs, Users) using the Azure portal, I am not able to do it; it shows the message "Insufficient privileges to complete the operation." Would anyone know how to solve this? Thank you!


1 answer

  1. Navya 3,755 Reputation points Microsoft Vendor
    2024-03-25T07:13:39.13+00:00

    Hi @Celine Yip

    Thank you for posting this in Microsoft Q&A. I understand that you are facing an issue where you are unable to view the detailed information of Entra ID, even though you have the Global Reader role for Azure.

    We can check Activity logs in Entra ID with the help of the Global Reader role, which allows us to check activity logs. I've tried using Global Reader to see the logs in my environment, and I'm seeing them successfully.

    Please check the steps below to fix this issue:

    1. Could you please attempt to access the detailed information of Entra ID using a different web browser?

    2. Can you confirm whether you are currently using a member account or a guest account?

    If you are using a guest account, check the highlighted settings below. When guest access is restricted, guests can view only their own user profile. Permission to view other users isn't allowed even if the guest is searching by User Principal Name or objectId.
    For your reference: Restrict guest access permissions in Microsoft Entra ID

    If you are using a member account, please refer to this post where a similar issue has been discussed: https://learn.microsoft.com/en-us/answers/questions/1622528/403-error-when-opening-microsoft-entre-id-with-own

    3. If your organization utilizes PIM, can you kindly verify whether you have acquired the eligible role or the activated role?

    It may be feasible for your organization to grant global reader role eligibility through PIM. In order to activate this role, you must ensure that the necessary steps have been completed.

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya.

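The account-type, guest-restriction and PIM checks from the answer above can be run as one triage over directory data. This is an added example, not part of the original thread or Microsoft's code. It assumes the inputs are JSON objects shaped like the Microsoft Graph user, `authorizationPolicy` and role eligibility/assignment schedule instance resources. The GUIDs are Microsoft's documented well-known IDs and the sample payloads are constructed.

```python
"""Triage for 'Insufficient privileges' with Global Reader (added example)."""

# Well-known Microsoft Entra identifiers (documented by Microsoft, not on this page).
GLOBAL_READER = "f2ef992c-3afb-46b9-b7cf-a126ee74c451"  # built-in role template id
GUEST_ROLE_LEVELS = {
    "a0b1b346-4d3e-4e8b-98f8-753987be4970": "same as members",
    "10dae51f-b6af-4016-8d66-8c2a99b929b3": "limited",
    "2af84b1e-32c8-42b7-82bc-daa82404023b": "restricted",
}


def has_role(instances, principal_id, role_id=GLOBAL_READER):
    """True if any schedule instance binds principal_id to role_id."""
    return any(
        i.get("principalId") == principal_id and i.get("roleDefinitionId") == role_id
        for i in instances
    )


def triage(user, auth_policy, eligible, active):
    """Return findings for the member/guest check, then the PIM check."""
    findings = []
    pid = user["id"]
    if user.get("userType") == "Guest":
        level = GUEST_ROLE_LEVELS.get(auth_policy.get("guestUserRoleId"), "unknown")
        findings.append(f"guest account; guest access level: {level}")
    else:
        findings.append("member account")
    # An eligible PIM assignment grants nothing until it is activated.
    if has_role(active, pid):
        findings.append("Global Reader is active")
    elif has_role(eligible, pid):
        findings.append("Global Reader is eligible in PIM but not activated")
    else:
        findings.append("no Global Reader assignment found")
    return findings


# Constructed sample payloads (not real tenant data).
SAMPLE_USER = {"id": "11111111-1111-1111-1111-111111111111", "userType": "Guest"}
SAMPLE_POLICY = {"guestUserRoleId": "2af84b1e-32c8-42b7-82bc-daa82404023b"}
SAMPLE_ELIGIBLE = [{"principalId": SAMPLE_USER["id"], "roleDefinitionId": GLOBAL_READER}]
SAMPLE_ACTIVE = []

if __name__ == "__main__":
    for line in triage(SAMPLE_USER, SAMPLE_POLICY, SAMPLE_ELIGIBLE, SAMPLE_ACTIVE):
        print("-", line)
```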