Forum Discussion
Security & Compliance Center RBAC vs Azure AD admin roles
Well it is even more complex. Microsoft's documentation says that the Global admin is automatically added as member of Organization Management role in SCC, but if you open SCC Admin site as Global admin you will see different management options then if you just add somebody to the Organization Management role in SCC. The same happens with Compliance Administrator, Security Administrator or Reader, which are AAD admin roles as well as SCC admin roles.
There is a difference between a Role Group (what EAC and the SCC use) and Roles, as used by the Azure AD, as the formed can be customized. In a nutshell though, assigning a user with one of those roles in AAD should add him to the relevant Role Group in the SCC, so they should give the same set of permissions.
The AAD roles are documented in details here, down to the individual permission entry: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles
Some additional information about the SCC roles can be found here: https://docs.microsoft.com/en-us/office365/securitycompliance/permissions-in-the-security-and-compliance-center?redirectSourcePath=%252farticle%252fPermissions-in-the-Office-365-Security-Compliance-Center-d10608af-7934-490a-818e-e68f17d0e9c1
I've read those documents a few time now and still don't see the difference and/or crossover between AAD role and Compliance Centre roles.