Reputation: 67
I want to create a user in the Azure portal with read-only access to all resources in all of my subscriptions. This user should not be able to modify anything in any of my available subscriptions.
Upvotes: 4
Views: 22434
Reputation: 39
This only covers Azure Active Directory resources. If you are trying to give read-only to Azure SUBSCRIPTION Resources, add the users to the Azure Role: "Readers".
Upvotes: 2
Reputation: 22457
It seems you are trying to add a user who should have read-only access to all resources in all of your subscriptions; besides, this user should not be able to modify anything on the tenant.
So the best way is to add that user to the Global Reader role (can read everything that a global administrator can, but not update anything), which provides authority to access all resources in all of your subscriptions but cannot modify anything among the available subscriptions.
Hope this would help you.
Upvotes: 10
Reputation: 1398
You would need to set your RBAC assignments per subscription. If you have many subscriptions, you can automate this with a Logic App that makes requests to the Management API. Reference here. So in your Logic App, you basically get a list of subscriptions, then iterate over them and make the RBAC add-assignment request for each of the subscriptions and for your given user(s).
Upvotes: 0
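The per-subscription loop described in the answer above, as an added example that is not part of any answer in this thread: it builds the Management API role-assignment requests for the built-in Reader role without sending them, and audits a role-assignment listing for anything other than Reader. The function names and all sample IDs are constructed for illustration; token acquisition and the HTTP calls are assumed to happen elsewhere.

```python
import uuid

ARM = "https://management.azure.com"
API_VERSION = "2022-04-01"  # Microsoft.Authorization/roleAssignments
READER = "acdd72a7-3385-48ef-bd42-f606fba81ae7"  # built-in Reader role GUID
AUTHZ = "providers/Microsoft.Authorization"

def reader_request(subscription_id, principal_id):
    """Build the PUT that grants Reader at subscription scope."""
    scope = f"/subscriptions/{subscription_id}"
    # Deterministic name: every run addresses the same assignment resource.
    name = uuid.uuid5(uuid.NAMESPACE_URL, f"{scope}|{principal_id}|{READER}")
    return {
        "method": "PUT",
        "url": f"{ARM}{scope}/{AUTHZ}/roleAssignments/{name}"
               f"?api-version={API_VERSION}",
        "body": {"properties": {
            "roleDefinitionId": f"{scope}/{AUTHZ}/roleDefinitions/{READER}",
            "principalId": principal_id,
            "principalType": "User",
        }},
    }

def plan(subscriptions, principal_id):
    """One request per enabled subscription in a GET /subscriptions body."""
    return [reader_request(s["subscriptionId"], principal_id)
            for s in subscriptions["value"] if s.get("state") == "Enabled"]

def non_reader_assignments(assignments, principal_id):
    """Audit: direct assignments for the principal that are not Reader.
    Roles inherited through group membership are not covered here."""
    return [a["id"] for a in assignments["value"]
            if a["properties"]["principalId"] == principal_id
            and not a["properties"]["roleDefinitionId"].lower().endswith(READER)]

# Constructed sample data (not real tenant values).
USER = "11111111-1111-1111-1111-111111111111"
SUB1 = "aaaaaaaa-0000-0000-0000-000000000001"
SUBS = {"value": [{"subscriptionId": SUB1, "state": "Enabled"},
                  {"subscriptionId": SUB1[:-1] + "2", "state": "Disabled"}]}
CONTRIBUTOR = "b24988ac-6180-42a0-ab88-20f7382dd24c"  # built-in Contributor
ASSIGNMENTS = {"value": [
    {"id": "ra-1", "properties": {"principalId": USER,
     "roleDefinitionId": f"/subscriptions/{SUB1}/{AUTHZ}/roleDefinitions/{READER}"}},
    {"id": "ra-2", "properties": {"principalId": USER,
     "roleDefinitionId": f"/subscriptions/{SUB1}/{AUTHZ}/roleDefinitions/{CONTRIBUTOR}"}},
]}

if __name__ == "__main__":
    for req in plan(SUBS, USER):
        print(req["method"], req["url"])
    print("non-Reader assignments:", non_reader_assignments(ASSIGNMENTS, USER))
```

Running the audit function over each subscription's role-assignment listing after the grants are in place confirms the user holds nothing beyond Reader directly.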
Reputation: 99
The best recommendation here will be to add users with the reader permission to each subscription.
Upvotes: 0