I want to give a user access rights to view the user access logs. My understanding is that they can view the user access logs if they have admin privilege?
Is it possible to create an admin account and restrict admin access, e.g. user A can only view user access logs, user B can only work on the Sign In Policies and Pages?
Yes, you can get incredibly granular with the admin user roles and what they can do within each role. You define read or write / all or custom / done by function - system, log, function.....
Easy to do what you want
This does work with the caveat that it works for only existing realms/roles/policies (unless you grant access to all roles/realms/policies/etc).
For user access log view, one other option I can think of is to have the logs forwarded to an external server via FTP/SCP and allow the user to access this external server.
To forward the user access logs to an external server, go to Maintenance > Archiving.
Pretty straightforward. You will need to log in as admin and define a new Admin Role - and then of course tie that role to the appropriate user via the Admin Realm and Role Mapping rules.
After you name and save the Admin Role you will get a new series of tabs - General / System / Users / Administrators / Resource Policies / Resource Profiles.
Those tabs all correspond to administrator functions. For the log read function you would pretty much disable all options on all tabs except "System / Log Monitoring" where you could then allow the log types to be viewed.
That user would then log in as an admin, map to their role and be limited to viewing the defined log types.