@sachin sangal
Thank you for your post!
Based on your explanation, it sounds like you want to:
- Give different users permissions based on the resource group name. For example, Contributor for Dev RG, and Reader for Test RG.
- This should occur each time a new resource group is created.
From my experience, when it comes to automating this, if you're deploying your resource group via PowerShell you can potentially create the resource group first and add IAM permissions for users afterwards.
For example: Create resource groups, New-AzRoleAssignment
New-AzResourceGroup -Name demoResourceGroup -Location westus
New-AzRoleAssignment -ObjectId <String> -ResourceGroupName <String> -RoleDefinitionName <String>
Another way to do this is to assign each user to their respective Azure AD groups based on the permissions needed.
For example:
- Create the Azure AD group and assign users
- Add the respective role assignment to the group via RBAC
I hope this helps! If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
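The two approaches in the answer above can be combined into one script. This is an added example, not part of the original answer: it creates a resource group and grants a role to an Azure AD group chosen by the resource group's name. It assumes the Az module with an active `Connect-AzAccount` session; the `-dev-`/`-test-` naming convention, the function names, and the group object IDs are hypothetical placeholders.

```powershell
# Added example. Group object IDs are placeholders to replace with your own.
# Assumed naming convention: resource group names contain "-dev-" or "-test-".
$RoleMap = @(
    @{ Pattern = '-dev-';  Role = 'Contributor'; GroupObjectId = '<dev-group-object-id>' }
    @{ Pattern = '-test-'; Role = 'Reader';      GroupObjectId = '<test-group-object-id>' }
)

function Resolve-RgRoleRule {
    # Pure lookup: first rule whose pattern occurs in the name, or $null.
    param([Parameter(Mandatory)][string]$ResourceGroupName)
    foreach ($rule in $RoleMap) {
        if ($ResourceGroupName -like "*$($rule.Pattern)*") { return $rule }
    }
    return $null
}

function New-RgWithRole {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Location
    )
    $rule = Resolve-RgRoleRule -ResourceGroupName $Name
    if (-not $rule) {
        # Fail closed: an unrecognised name gets no group and no role.
        throw "No role rule matches '$Name'; refusing to create it."
    }
    # Create the resource group only if it does not exist yet.
    if (-not (Get-AzResourceGroup -Name $Name -ErrorAction SilentlyContinue)) {
        New-AzResourceGroup -Name $Name -Location $Location | Out-Null
    }
    # Idempotent: skip when the group already holds this role on the scope.
    $existing = Get-AzRoleAssignment -ObjectId $rule.GroupObjectId `
        -ResourceGroupName $Name -RoleDefinitionName $rule.Role
    if (-not $existing) {
        New-AzRoleAssignment -ObjectId $rule.GroupObjectId `
            -ResourceGroupName $Name -RoleDefinitionName $rule.Role | Out-Null
    }
    # Return what applies to the group (includes inherited assignments) for review.
    Get-AzRoleAssignment -ResourceGroupName $Name |
        Select-Object DisplayName, RoleDefinitionName, Scope
}

New-RgWithRole -Name 'rg-dev-demo' -Location 'westus'
```

Assigning the role to a group at resource-group scope keeps access tied to group membership, and the returned list shows any broader roles inherited from the subscription that would override the intended Reader/Contributor split.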