SharePoint & OneDrive · Tenant Administration

Global Reader (SharePoint)

Read-only access to SharePoint admin center settings and configurations. Cannot make changes but can view all settings.

Scope: Organization-wide read-only access to SharePoint settings

Permissions

  • SharePoint admin center - View all settings and configurations
  • Sites - View site details and properties
  • Sharing settings - View organization-wide policies
  • Storage - View storage usage and quotas
  • Reports - Access SharePoint usage reports

Common use cases

  • Auditing SharePoint configuration
  • Compliance reviews and assessments
  • Executive dashboard access
  • Troubleshooting without change rights

Best practices

  • Assign to auditors and compliance officers
  • Use for monitoring and reporting needs
  • Combine with service-specific reader roles as needed

Security considerations

  • Can view all tenant configuration details
  • May see sensitive organizational settings
  • No ability to make changes limits risk

Common questions

When should I assign the Global Reader (SharePoint) role?

Assign Global Reader (SharePoint) when you need to: Auditing SharePoint configuration; Compliance reviews and assessments; Executive dashboard access; and Troubleshooting without change rights. It is part of SharePoint & OneDrive and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Global Reader (SharePoint) role do?

The Global Reader (SharePoint) role grants permissions including: SharePoint admin center - View all settings and configurations; Sites - View site details and properties; Sharing settings - View organization-wide policies; Storage - View storage usage and quotas; and Reports - Access SharePoint usage reports. See the Permissions section above for the full list.

What are the security risks of the Global Reader (SharePoint) role?

Key considerations when assigning Global Reader (SharePoint): Can view all tenant configuration details; May see sensitive organizational settings; and No ability to make changes limits risk. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →