I have the Security administrator role on a subscription. Now, what I want to see is the resources available in the subscription to know the attack surface, but when I go to the resources tab, I see nothing, or if I check the VMs tab, I cannot see any VM (even though they're available). Similarly, on the Defender plans page, it shows all the resources as 0, whereas that's not the case.
Why, being a security admin, can't I see this data? Doesn't it come under my scope? If not, then what additional role do I need to see this data? Obviously, I can't ask for Contributor, considering the least privilege principle.
I tried accessing resource details but couldn't. I was expecting to have access to this data as a security admin.
Hence, assign the Reader role to the user at subscription scope or resource group scope, based on your requirement:
Now I am able to view the resources:
If you want to manage resources, then you have to assign the Contributor/Owner role to the user.
Reference:
Azure built-in roles - Azure RBAC | Microsoft
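
The following is an added example, not part of the original question or answer: a small Python model of how Azure RBAC evaluates control-plane operations, showing why Security Admin alone cannot list VMs and what adding Reader changes. The role definitions are abridged copies assumed from the built-in roles reference, and the helper names are hypothetical; data actions and deny assignments are not modelled.

```python
import re

# Abridged built-in role definitions, constructed for this example.
# The authoritative lists are in the Azure built-in roles reference.
ROLES = {
    "Security Admin": {
        "actions": [
            "Microsoft.Authorization/*/read",
            "Microsoft.Resources/subscriptions/resourceGroups/read",
            "Microsoft.Security/*",
        ],
        "not_actions": [],
    },
    "Reader": {"actions": ["*/read"], "not_actions": []},
    "Contributor": {
        "actions": ["*"],
        "not_actions": [
            "Microsoft.Authorization/*/Write",
            "Microsoft.Authorization/*/Delete",
        ],
    },
}


def _matches(pattern, operation):
    """RBAC patterns are case-insensitive; '*' matches any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None


def allows(role_names, operation):
    """True if any assigned role grants the operation (Actions minus NotActions)."""
    for name in role_names:
        role = ROLES[name]
        granted = any(_matches(p, operation) for p in role["actions"])
        excluded = any(_matches(p, operation) for p in role["not_actions"])
        if granted and not excluded:
            return True
    return False


if __name__ == "__main__":
    operations = [
        "Microsoft.Security/pricings/read",        # Defender plans
        "Microsoft.Compute/virtualMachines/read",  # VM inventory
        "Microsoft.Compute/virtualMachines/write",
    ]
    for assigned in (["Security Admin"], ["Security Admin", "Reader"]):
        print(assigned, {op: allows(assigned, op) for op in operations})
```

Security Admin plus Reader grants the read operations needed for inventory while every write stays denied, which is the least-privilege combination the answer recommends.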