Role-based access control (RBAC) in Configuration Manager is managed through Azure DevOps.
To get started with Azure DevOps permissions, please refer to the “About permissions and security groups” guide in the Microsoft documentation.
By default, users added to Configuration Manager will be members of the Tenants Team, which is a member of the Contributors group and inherits the permissions of the Contributors group.
Members of the Tenants Team, or members of the [Tenants]\Contributors group, can perform all actions in Configuration Manager by default.
The following are examples of different ways to set Simeon permissions:
Adding a read-only user to Configuration Manager
Adding a custom read-only group