We have a requirement where we need to create a role xxxx and assign it to a user A. This user A can create a user but should assign only the custom role xxxx to his users.
I have created a custom role xxxx and in its permissions I have excluded Microsoft.Authorization/roleAssignment (read, write and delete). This stops the user from assigning roles completely, but my requirement is that user A can assign only the custom role to the user (hide built-in roles in the drop-down).
Thank you.
I guess that you can implement this kind of logic in an Azure Policy (roles will be shown in the drop-down, but when you finalize the operation you will get an error).
A similar thread: Azure custom role: authorize role assignment for a specific set of roles
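A sketch of the Azure Policy approach suggested in the answer above, added here as an example and not taken from the thread: a custom policy definition that denies any new role assignment whose role definition is not in an allowed list. The parameter name `allowedRoleDefinitionIds`, the subscription ID and the role GUID are placeholders, and it assumes user A's role keeps `Microsoft.Authorization/roleAssignments/write` so that the policy, not the missing permission, does the filtering.

```json
{
  "properties": {
    "displayName": "Allow role assignments only for approved role definitions",
    "description": "Added example. Placeholder IDs must be replaced with the custom role's real definition ID.",
    "mode": "All",
    "parameters": {
      "allowedRoleDefinitionIds": {
        "type": "Array",
        "metadata": {
          "displayName": "Allowed role definition IDs",
          "description": "Hypothetical parameter name. Full resource IDs of the roles that may be assigned."
        },
        "defaultValue": [
          "/subscriptions/<subscription-id-placeholder>/providers/Microsoft.Authorization/roleDefinitions/<custom-role-guid-placeholder>"
        ]
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Authorization/roleAssignments"
          },
          {
            "not": {
              "field": "Microsoft.Authorization/roleAssignments/roleDefinitionId",
              "in": "[parameters('allowedRoleDefinitionIds')]"
            }
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
```

The policy is evaluated against the role assignment being created, not against the caller, so it restricts every principal who assigns roles at the scope where it is assigned, not only user A. Built-in roles still appear in the portal drop-down; the request is rejected when it is submitted.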