You have an Azure subscription linked to a Microsoft Entra tenant. The tenant contains a security group named Group1. The subscription contains an Azure Data Lake Storage account named myaccount1, which has two containers named container1 and container2.

You need to grant Group1 read access to container1 while adhering to the principle of least privilege.

Which role should you assign to Group1?