I have a question on Azure Active Directory and am trying to understand RBAC. I have an Azure subscription and a default directory created in it. I have created a user in the default directory, say [email protected], and assigned a Reader permission on one of the storage accounts. Ideally, the user should be able to read the storage account and its properties.
Now, when I log in with [email protected] and try to create a new tenant in Azure (for testing the access of the user), Azure is letting me create a new tenant. It's confusing for me. I have restricted the access only to the storage account in the default directory. Why is this behaviour?