We have a subscription tied to our Azure tenant and have developers writing apps there. When they are setting up the app registration in Azure, they have to wander over to the global admin team and ask us to click the "grant permissions" button to enable access to 'Read directory data' for their app. Is there an Azure role that we can put those developers in for them to be able to 'Grant Permissions' for Reading Azure AD directory data for their app? Or does the role "global admin" only provide that ability? There is a complaint that this step of involving the global admins is tedious and time consuming to find someone to grant perms on a timely basis (and our GA users are sparse).
I've played around with application administrator, application developer, cloud application admin roles, but none of those worked. Unless as they develop their app they have to do something special?
Thanks in advance for any advice, suggestions, resolutions.