Daniel Fenz Thanks for posting your question in Microsoft Q&A. As you mentioned, Azure Spring Cloud Config Server Contributor role didn't have Microsoft.AppPlatform/Spring/apps/deployments/read
permission and only have the permissions to read, write, delete config service as the following:
Also, currently, there is no built-in role available with that permission. In general, we recommend creating a custom role with needed permissions following the principle of least privilege (reference doc). The doc: How to use permissions in Azure Spring Apps will help you create a custom role for different scenarios such as Developer, DevOps etc. and you can adopt based on your need. For the full list of permissions, check out Microsoft.AppPlatform doc with description about the permission action.
To submit a feature request or provide feedback to our product team, go to Azure Feedback and others with similar interest can upvote your idea too. I hope this helps and let us know if you have any questions.
If you found the answer to your question helpful, please take a moment to mark it as "Yes" for others to benefit from your experience. Or simply add a comment tagging me and would be happy to answer your questions.