You can set the masterreader access which allows a user to view everything but not make changes.
Access control (IAM) is the page that you typically use to assign roles to grant access to Azure resources. It's also known as identity and access management and appears in several locations in the Azure portal.
To grant access to an Azure resource, you add a role assignment. Follow these steps to assign a role.
- Click on the specific resource you want to provide access.
- Click Access control (IAM).
- Click the Role assignments tab to add/view the role assignments at this scope.
- Select masterreader.
- Specify the user details to add.
Please refer Add or remove Azure role assignments using the Azure portal for more details.
If the Azure built-in roles don't meet the specific needs of your organization, you can create your own custom roles. Just like built-in roles, you can assign custom roles to users, groups, and service principals at management group, subscription, and resource group scopes.
Please see Create or update Azure custom roles using the Azure portal for more details.
Hope that helps. Do let us know if you have further queries.
Please accept helpful responses as 'Answer', which will be helpful to others as well.