You have an Azure AD tenant that is part of Microsoft Entra. The tenant contains a group named Group1.

You have an Azure subscription containing the following resources:

//IMG//

You need to ensure that members of Group1 can read CSV files from storage1 using the OPENROWSET function. The solution must meet the following requirements:

• Members of Group1 must use credential1 to access storage1.
• The principle of least privilege must be followed.

Which permission should you grant to Group1?