We are currently reviewing our user access permissions for Azure. We want to review and further refine the existing/built-in roles that came with Azure. For example, the Contributor access may be a bit too much in some instances. Specifically, below are two roles we are trying to create:
DEVELOPER: Currently our Developers are assigned Contributor by default. The issue here is that this gives them the ability to create/delete resources at will. Resources are typically pre-created by the Cloud Team. We want to limit that. Ideally, we want to give them the ability to configure resources and start/stop resources.
OPERATOR: This is for our IT folks who need to review resources and start and restart resources. Similar to the Developer role above, they don't need to create/delete resources.
Any suggestions or roles examples that can help achieve the above?
Thanks
You can use Azure Custom Roles. Take a look at the Azure Portal Tutorial and the Azure resource provider operations.
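
A sketch of what such custom roles could look like, added here as an example and not taken from the answer or from Microsoft's tutorial: two hypothetical role definitions for the OPERATOR and DEVELOPER cases, plus a small checker that models how `Actions` and `NotActions` combine within one role. The role names, the `<subscription-id>` scope and the simplified wildcard matching are assumptions; the operation strings come from the Azure resource provider operations list.

```python
import json
import re

# Hypothetical custom roles; names and the scope are placeholders.
SCOPE = "/subscriptions/<subscription-id>"

OPERATOR = {
    "Name": "Operator (example)", "IsCustom": True,
    "Description": "Read everything; start, restart and stop VMs and web apps.",
    "Actions": [
        "*/read",
        "Microsoft.Compute/virtualMachines/start/action",
        "Microsoft.Compute/virtualMachines/restart/action",
        "Microsoft.Compute/virtualMachines/deallocate/action",
        "Microsoft.Web/sites/start/action",
        "Microsoft.Web/sites/stop/action",
        "Microsoft.Web/sites/restart/action",
    ],
    "NotActions": [],
    "AssignableScopes": [SCOPE],
}

DEVELOPER = {
    "Name": "Developer (example)", "IsCustom": True,
    "Description": "Configure and start/stop web apps; no delete.",
    "Actions": ["*/read", "Microsoft.Web/sites/*"],
    # NotActions subtracts from Actions within this role; it is not a deny.
    "NotActions": ["Microsoft.Web/sites/delete", "Microsoft.Web/sites/*/delete"],
    "AssignableScopes": [SCOPE],
}

def _matches(pattern, operation):
    # Simplified model: '*' matches any run of characters, case-insensitively.
    rx = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(rx, operation, re.IGNORECASE) is not None

def is_allowed(role, operation):
    """True if the operation is in Actions and not removed by NotActions."""
    granted = any(_matches(p, operation) for p in role["Actions"])
    removed = any(_matches(p, operation) for p in role["NotActions"])
    return granted and not removed

def to_json(role):
    """Serialize the definition in the JSON shape used for custom role definitions."""
    return json.dumps(role, indent=2)

if __name__ == "__main__":
    print(to_json(OPERATOR))
    # 'write' covers both create and update, so this prints True.
    print(is_allowed(DEVELOPER, "Microsoft.Web/sites/write"))
```

Azure's `write` operation covers both creating and updating a resource, so a role that lets developers configure a resource type also lets them create one; RBAC alone does not separate the two.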