The Global reader role should support the SPO admin center now, but it doesn't support OneDrive yet. I don't believe it grants you access to PowerShell though.
Grant someone "View only admin" access to SharePoint config?
Someone else in my organization is conducting an audit of the configuration/settings for our SharePoint Online service. For them to get all the config information they need for the audit, I want them to be able to access my SharePoint administrative settings i.e. everything in mydomain-admin.sharepoint.com and everything available through the Get-SPOXXX commands in SharePoint Online PowerShell, on a view-only basis.
I gave them a user account with Global Reader and Security Reader access in M365 core, and View Only everything in Exchange to conduct similar audits, but see no equivalent setting for SharePoint. They get a 401 Access Denied error when they try to log into SharePoint Admin.
What would be the best way to grant them View access to all of our SharePoint config without giving them an overly permissive role like Global Admin or SharePoint Admin?
3 answers
-
Vasil Michev 119.5K Reputation points MVP Volunteer Moderator
2021-02-10T18:32:06.463+00:00 -
Chelsea Wu 6,341 Reputation points Moderator
2021-02-11T06:38:37.577+00:00 The Global Reader role does not support the SharePoint Admin Center/SharePoint Online PowerShell currently (as I confirm from testing).
Users will need SharePoint Admin role assigned to have access to the SharePoint Admin Center for the time being, referring to the document here: About the SharePoint admin role in Microsoft 365. You can see another open issue related: Global Reader Role doesn't work with SharePoint Online nor PowerShell #57508.
In addition, a new feature named “SharePoint: Administration - Azure Active Directory Global Reader role” is currently in the status of “Rolling out”, which should fix this issue by the time it finishes launching: https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=Global%2CReader
-
trevorseward 11,711 Reputation points
2021-02-10T17:52:14.013+00:00 Global Reader is the only "view only" role available. If it doesn't provide the necessary access, then your only other option is the SharePoint Admin role.