Add Microsoft.Authorization/roleAssignments/read (#497)

* New-AzPolicyReaderRole script creates
roleAssignments/read permission

* Updated policy reader role screenshots
Updated policy reader role documentation

---------

Co-authored-by: Benjamin Rohner <[email protected]>

Docs/ci-cd-app-registrations.md

@@ -25,6 +25,7 @@ EPAC uses a set of Entra ID App Registrations (Service Principals). To build the
                     "Microsoft.Authorization/policydefinitions/read",
                     "Microsoft.Authorization/policyexemptions/read",
                     "Microsoft.Authorization/policysetdefinitions/read",
+                    "Microsoft.Authorization/roleAssignments/read",
                     "Microsoft.PolicyInsights/*",
                     "Microsoft.Management/register/action",
                     "Microsoft.Management/managementGroups/read"

Docs/create-policy-reader-role.md

@@ -6,6 +6,7 @@ Creates a custom role `EPAC Resource Policy Reader` with `Id` `2baa1a7c-6807-46a
 * `Microsoft.Authorization/policydefinitions/read`
 * `Microsoft.Authorization/policyexemptions/read`
 * `Microsoft.Authorization/policysetdefinitions/read`
+* `Microsoft.Authorization/roleAssignments/read`
 * `Microsoft.PolicyInsights/*`
 * `Microsoft.Management/register/action`
 * `Microsoft.Management/managementGroups/read`

Scripts/Operations/New-AzPolicyReaderRole.ps1

@@ -69,6 +69,7 @@ $perms = @(
     "Microsoft.Authorization/policydefinitions/read",
     "Microsoft.Authorization/policyexemptions/read",
     "Microsoft.Authorization/policysetdefinitions/read",
+    "Microsoft.Authorization/roleAssignments/read",
     "Microsoft.PolicyInsights/*",
     "Microsoft.Management/register/action",
     "Microsoft.Management/managementGroups/read"