Which specific roles and/or permissions in a 365 tenant would allow the user, where granted, the ability to view:
-all Mailbox content for all users/mailboxes, e.g. view the content of their inbox?
-all SharePoint content across the system
I appreciate there are the obvious, e.g. 'SharePoint administrator, 'Exchange administrator', 'Global administrator' etc, but I want to be sure there are no others that could easily be missed if working purely off default roles and permissions. In many other platforms there are ways of assigning specific privileges to custom roles which can purposely or inadvertently grant access to sensitive data, and therefore knowing of those specifics, and checking who has been granted those would be very useful.
Out of interest, does the global reader role, even though supposedly intended as a read only representation of the global admin account have 'global read access' within the various Microsoft services, e.g. can view user data within Exchange mailboxes, SharePoint sites etc.