SharePoint & OneDrive · Tenant Administration
Global Reader (SharePoint)
Read-only access to SharePoint admin center settings and configurations. Cannot make changes but can view all settings.
Scope: Organization-wide read-only access to SharePoint settings
Permissions
- SharePoint admin center - View all settings and configurations
- Sites - View site details and properties
- Sharing settings - View organization-wide policies
- Storage - View storage usage and quotas
- Reports - Access SharePoint usage reports
Common use cases
- Auditing SharePoint configuration
- Compliance reviews and assessments
- Executive dashboard access
- Troubleshooting without change rights
Best practices
- Assign to auditors and compliance officers
- Use for monitoring and reporting needs
- Combine with service-specific reader roles as needed
Security considerations
- Can view all tenant configuration details
- May see sensitive organizational settings
- No ability to make changes limits risk
Common questions
When should I assign the Global Reader (SharePoint) role?
Assign Global Reader (SharePoint) when you need to: Auditing SharePoint configuration; Compliance reviews and assessments; Executive dashboard access; and Troubleshooting without change rights. It is part of SharePoint & OneDrive and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the Global Reader (SharePoint) role do?
The Global Reader (SharePoint) role grants permissions including: SharePoint admin center - View all settings and configurations; Sites - View site details and properties; Sharing settings - View organization-wide policies; Storage - View storage usage and quotas; and Reports - Access SharePoint usage reports. See the Permissions section above for the full list.
What are the security risks of the Global Reader (SharePoint) role?
Key considerations when assigning Global Reader (SharePoint): Can view all tenant configuration details; May see sensitive organizational settings; and No ability to make changes limits risk. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.