This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 3%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
Hi
What role would you recommend to provide if I want to allow only Read Access to a Function App. This should include reading the Configurations and App Settings (Environment Variables) on the portal
@Abhay Chandramouli In general if you have access to the Reader role at the function app/subscription level you should be able to view details the configuration.
In case if custom role you should have the read permission on microsoft.web/sites/config/web/appsettings to view the app settings.
Hello @Abhay Chandramouli
To provide read access to a Function App, you can assign the "Reader" role to the user or service principal. This role allows the user to view the Function App and its settings, but does not allow them to make any changes.
To specifically allow the user to read the configurations and app settings (environment variables), you can assign the "Website Contributor" role to the user or service principal. This role allows the user to view and modify the app settings, but does not allow them to modify the Function App itself.
Please note that the "Website Contributor" role also allows the user to modify other settings related to the web app, such as connection strings and deployment credentials. If you only want to allow the user to view the app settings, you can create a custom role with the necessary permissions.
I hope this helps