We have a requirement for data protection/information governance purposes to grant certain users the ability to report/document our SharePoint online system, in terms of:

Documenting full overview of the architecture, e.g. site collections, sites, document libraries, documents held within, folders etc - and read/write/full access control permissions granted at the various levels of the SharePoint hierarchy.

Are there any roles within SharePoint that would allow authorised users to do this (assuming they have the tools/scripts to do so), whilst at the same time not allowing them administrator level privileges to make any changes to the system, e.g. amend permissions/grant access etc? I am assuming if it works like a traditional file server, the role will require them to essentially have read level access to everything in SharePoint, as you need access to the folder/library in order to document the permissions assigned.

Furthermore are there any reports within the relevant 365 admin centres that would assist them with the documentation and reporting aspects, or is it likely a 3rd party app/script would be necessary.