Service Principal RBAC simulator
When handling shared subscriptions and deploying certain third party services we require to have a Service Principal that follows the principle of least privilege.
Nevertheless, after creating this intricate granular Service Principal, there is no proper way to test out it's functionality. The only way to see if your SP works is by actually deploying your service and see where it fails, update the SP and repeat.
AWS offers IAM policy simulator that does the job in their case. Something similar would be very helpful to have to improve the deployment experience.

We are investigating adding tools for understanding a security principal’s effective permissions. Stay tuned for updates.
Cheers,
/Stuart and Balaji