What role can I assign to a user that will allow them to create resource groups? I cannot use owner or contributor because those are too powerful. The whole point is limit what various developers can do.
For example, our development teams create web apps with databases and deploy them to Azure. These resources are put in a single resource group. So the dev needs to create the app service, app service plan, sql db, app insights and resource group. But we don't want all developers to have access to many of the other resources in Azure. This is why contributor or owner is too powerful.
Also, FYI, we are working towards ARM templates deployed by pipelines but that is taking a while. So in the mean time, some of this is done manually.
All of this seems possible with RBAC except resource group.
Thanks,
Andy