🐛 Problem

This doc https://github.com/microsoft/finops-toolkit/blob/dev/docs-mslearn/toolkit/workbooks/finops-workbooks-overview.md mentions that reader access is enough to deploy the workbooks and you will be able to import it and just not save it; this would be true if we have the JSON file and import it via Azure Monitor Workbooks directly, however since what we provide is the ARM template, more permissions are required or you get this message

You don’t have authorization to perform action 'Microsoft.Resources/deployments/validate/action'.

👣 Repro steps

1. Have only reader access on the environment
2. Try to deploy the ARM template as stated here https://learn.microsoft.com/en-us/cloud-computing/finops/toolkit/workbooks/finops-workbooks-overview#deploy-the-workbooks
3. You will get the message with either of the workbooks if only reader access is assigned.

🤔 Expected

There are a few options:

• Provide the detailed roles required to deploy it
• Add the workbook to the gallery so it can be imported but not saved
• Share the workbooks' JSON so it is not part of an ARM template and can be imported and not saved bypassing the validation role required

ℹ️ Additional context

This affects the VBD description of WACOA as we only request reader access and the workbook is part of the workflow