Hi @alma eyre ,
As mentioned in your other thread as well,
If you want to use Azure service management API to get the list of subscriptions and resource groups, user_impersonation is the scope that you need to request to work with the Azure Management API.
You can add permission as mentioned below Application-> API permissions -> Add a permission -> select Azure Service Management API -> select the user_impersonation
Also, you need to make sure the user has role i.e Contributor assigned in the subscription.
Hope this will helps.
Thanks,
Shweta
-----------------------------------
Please remember to "Accept Answer" if answer helped you.