Compute Gallery Image Reader

Author: rolyon

articles/role-based-access-control/built-in-roles.md

@@ -46,6 +46,7 @@ The following table provides a brief description of each built-in role. Click th
 > | <a name='azure-arc-vmware-vm-contributor'></a>[Azure Arc VMware VM Contributor](./built-in-roles/compute.md#azure-arc-vmware-vm-contributor) | Arc VMware VM Contributor has permissions to perform all VM actions. | b748a06d-6150-4f8a-aaa9-ce3940cd96cb |
 > | <a name='classic-virtual-machine-contributor'></a>[Classic Virtual Machine Contributor](./built-in-roles/compute.md#classic-virtual-machine-contributor) | Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | d73bb868-a0df-4d4d-bd69-98a00b01fccb |
 > | <a name='compute-gallery-artifacts-publisher'></a>[Compute Gallery Artifacts Publisher](./built-in-roles/compute.md#compute-gallery-artifacts-publisher) | This is the role for publishing gallery artifacts. | 85a2d0d9-2eba-4c9c-b355-11c2cc0788ab |
+> | <a name='compute-gallery-image-reader'></a>[Compute Gallery Image Reader](./built-in-roles/compute.md#compute-gallery-image-reader) | This is the role for reading gallery images. | cf7c76d2-98a3-4358-a134-615aa78bf44d |
 > | <a name='compute-gallery-sharing-admin'></a>[Compute Gallery Sharing Admin](./built-in-roles/compute.md#compute-gallery-sharing-admin) | This role allows user to share gallery to another subscription/tenant or share it to the public. | 1ef6a3be-d0ac-425d-8c01-acb62866290b |
 > | <a name='data-operator-for-managed-disks'></a>[Data Operator for Managed Disks](./built-in-roles/compute.md#data-operator-for-managed-disks) | Provides permissions to upload data to empty managed disks, read, or export data of managed disks (not attached to running VMs) and snapshots using SAS URIs and Azure AD authentication. | 959f8984-c045-4866-89c7-12bf9737be2e |
 > | <a name='desktop-virtualization-application-group-contributor'></a>[Desktop Virtualization Application Group Contributor](./built-in-roles/compute.md#desktop-virtualization-application-group-contributor) | Contributor of the Desktop Virtualization Application Group. | 86240b0e-9422-4c43-887b-b61143f32ba8 |

articles/role-based-access-control/built-in-roles/compute.md

@@ -299,6 +299,49 @@ This is the role for publishing gallery artifacts.
 }
 ```
 
+## Compute Gallery Image Reader
+
+This is the role for reading gallery images.
+
+[Learn more](/partner-center/marketplace-offers/azure-vm-use-own-image)
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | --- | --- |
+> | [Microsoft.Compute](../permissions/compute.md#microsoftcompute)/galleries/images/read | Gets the properties of Gallery Image |
+> | [Microsoft.Compute](../permissions/compute.md#microsoftcompute)/galleries/images/versions/read | Gets the properties of Gallery Image Version |
+> | **NotActions** |  |
+> | *none* |  |
+> | **DataActions** |  |
+> | *none* |  |
+> | **NotDataActions** |  |
+> | *none* |  |
+
+```json
+{
+  "assignableScopes": [
+    "/"
+  ],
+  "description": "This is the role for reading gallery images.",
+  "id": "/providers/Microsoft.Authorization/roleDefinitions/cf7c76d2-98a3-4358-a134-615aa78bf44d",
+  "name": "cf7c76d2-98a3-4358-a134-615aa78bf44d",
+  "permissions": [
+    {
+      "actions": [
+        "Microsoft.Compute/galleries/images/read",
+        "Microsoft.Compute/galleries/images/versions/read"
+      ],
+      "notActions": [],
+      "dataActions": [],
+      "notDataActions": []
+    }
+  ],
+  "roleName": "Compute Gallery Image Reader",
+  "roleType": "BuiltInRole",
+  "type": "Microsoft.Authorization/roleDefinitions"
+}
+```
+
 ## Compute Gallery Sharing Admin
 
 This role allows user to share gallery to another subscription/tenant or share it to the public.