A user should be able to read a resource group. Not allowing the user to create/delete a resource group.
i. I have created a custom role using json script with the following permissions:
Actions: Microsoft.Resources/subscriptions/resourceGroups/read NotActions: Microsoft.Resources/subscriptions/resourceGroups/write, Microsoft.Resources/subscriptions/resourceGroups/delete
ii. Added it using PowerShell cmdlet New-AzureRMRoleDefinition. But when I assigned this custom role to a user in IAM, user is still able to create/delete a resource group.
Note: I have used RBAC and IAM services of Azure
Go to resource group blade >> IAM >> Add (at the top of the blade).
Select contributor. Select User. you are done.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.