Reports reader role

Mohammed Furqhan A 36 Reputation points
2021-10-21T10:38:37.077+00:00

Hi,

Just to clarify , apart for user can we assign "Report reader" role apart to Resource Group or VM (VM is assigned with system assigned managed identity)

@SadiqhAhmed-MSFT

regards,
Furqhan

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,705 questions
No comments
{count} votes

2 answers

Sort by: Most helpful
  1. JamesTran-MSFT 26,616 Reputation points Microsoft Employee
    2021-10-21T17:22:29.147+00:00

    @Mohammed Furqhan A
    Thank you for your post!

    Assigning the Report Reader built-in role to a Resource Group or VM isn't possible, because the Report Reader is currently an Azure AD role-based access control (RBAC) role.

    Azure AD RBAC:
    Azure AD built-in and custom roles operate on concepts similar to Azure RBAC. However, The difference between these two role-based access control systems are:

    • Azure AD RBAC roles control access to Azure AD resources such as users, groups, and applications using the Microsoft Graph API
    • Azure RBAC roles control access to Azure resources such as virtual machines or storage using Azure Resource Management

    Azure AD RBAC Scope
    142269-image.png

    Azure RBAC:
    Azure RBAC is an authorization system built on Azure Resource Manager (ARM) that provides fine-grained access management of Azure resources.

    Azure RBAC Scope
    142268-image.png

    Additional 3rd party Link:
    Difference Between Azure AD Roles And Role-Based Access Control (RBAC)

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


  2. Joseph Kilonzo 1 Reputation point
    2022-06-30T15:14:25.917+00:00

    If someone has a Microsoft 365 subscription.
    From the Microsoft 365 admin center, you create a new user,then you plan to assign the Reports reader role to the user.
    For someone view the permissions of the Reports reader role.
    Which admin center should one use? AAD or M365 ?

    Regards,
    Joseph Kilonzo
    jkilonzo.jk@Stuff .com

    No comments