How to Grant Precise Access Control Rights for viewing Azure Front Door Reports?

Question

It appears that enabling a user with precise Access Control permissions, specifically tailored to viewing Reports and Security Reports for Azure Front Door, may not be achievable or, at the very least, is not well-documented. Even after granting them the majority of Monitoring-related roles, they continue to encounter a "Query Failed" message. I've experimented with the following options:

• Azure Front Door Domain Reader
• Azure Front Door Secret Reader
• CDN Endpoint Reader
• CDN Profile Reader
• Log Analytics Reader
• Monitoring Contributor
• Monitoring Data Reader
• Monitoring Reader

Is there a way the community can support my with this question topic?

Answer 1

Since Microsoft hasn’t yet come up with an official solution, I’ve managed to solve it with this custom role definition, even though it has far to many permissions.

{
    "properties": {
        "roleName": "Front Door Reports Reader (queryLogAnalyticsMetrics)",
        "description": "",
        "assignableScopes": [
            "/subscriptions/b9c18b1b-de83-4428-a685-6dca235625a2"
        ],
        "permissions": [
            {
                "actions": [
                    "Microsoft.Cdn/profiles/*/action"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}