| title | Attribute Log Administrator |
|---|---|
| description | Attribute Log Administrator |
| ms.topic | include |
| ms.date | 01/26/2026 |
| ms.custom | include file |
Assign the Attribute Log Reader role to users who need to do the following tasks:
- Read audit logs for custom security attribute value changes
- Read audit logs for custom security attribute definition changes and assignments
- Configure diagnostic settings for custom security attributes
Users with this role cannot read audit logs for other events.
[!INCLUDE security-attributes-roles]
For more information, see Manage access to custom security attributes in Microsoft Entra ID.
[!div class="mx-tableFixed"]
Actions Description microsoft.azure.customSecurityAttributeDiagnosticSettings/allEntities/allProperties/allTasks Configure all aspects of custom security attributes diagnostic settings microsoft.directory/customSecurityAttributeAuditLogs/allProperties/read Read audit logs related to custom secruity attributes