Role read permissions text with include

rolyon · rolyon · commit 0d25c9e31132 · 2025-01-29T12:27:57.000-08:00
diff --git a/articles/role-based-access-control/built-in-roles/privileged.md b/articles/role-based-access-control/built-in-roles/privileged.md
@@ -177,12 +177,14 @@ Lets one read and manage all the reservations in a tenant
 
 Manage access to Azure resources by assigning roles using Azure RBAC. This role does not allow you to manage access using other ways, such as Azure Policy.
 
+[!INCLUDE [role-read-permissions.md](../includes/role-read-permissions.md)]
+
 > [!div class="mx-tableFixed"]
 > | Actions | Description |
 > | --- | --- |
 > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/roleAssignments/write | Create a role assignment at the specified scope. |
 > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/roleAssignments/delete | Delete a role assignment at the specified scope. |
-> | */read | Read resources of all types, except secrets. |
+> | */read | Global read of all Azure resources and all types, except for secrets. |
 > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
 > | **NotActions** |  |
 > | *none* |  |
@@ -222,12 +224,14 @@ Manage access to Azure resources by assigning roles using Azure RBAC. This role
 
 Lets you manage user access to Azure resources.
 
+[!INCLUDE [role-read-permissions.md](../includes/role-read-permissions.md)]
+
 [Learn more](/azure/role-based-access-control/rbac-and-directory-admin-roles)
 
 > [!div class="mx-tableFixed"]
 > | Actions | Description |
 > | --- | --- |
-> | */read | Read resources of all types, except secrets. |
+> | */read | Global read of all Azure resources and all types, except for secrets. |
 > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/* | Manage authorization |
 > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
 > | **NotActions** |  |
diff --git a/articles/role-based-access-control/includes/role-read-permissions.md b/articles/role-based-access-control/includes/role-read-permissions.md
@@ -0,0 +1,9 @@
+---
+author: rolyon
+ms.service: role-based-access-control
+ms.topic: include
+ms.date: 01/31/2025
+ms.author: rolyon
+---
+
+This role includes global read permissions with the `*/read` action. Users with this role can read all Azure resources of all types, except for secrets.
