Hi everyone,
I'm currently testing Azure PIM to delegate read permissions to our Azure tenant.
I've assigned with PIM the "Global reader" role for a test account, which has validated the access.
The scope defined is "Directory" and i cannot change it as it's greyed out.

Once done & logged on that account, i can confirm that my account has the global reader role:

I cannot discover any resources, as it says...

So how to proceed ?
If you tell me that i have to give as well some RBAC permission, what the use of that "Global reader" we assign in PIM ? By the way, i could give owner (write) permissions
on a subscription or management group, like my original "Global reader" would mean nothing, no?
Thanks in advance!
Arnaud
