If I (or another) add user/identity access at a granular resource or resource group level I should be able to see that access when I search from the IAM blade at the subscription level.

For customers with large support organizations that have many engineers that need different levels of access and having to keep track of who/what you gave access at what level is a bit unreasonable.

I should be able to simply search from the top/subscription level and see what all access is granted to a user/identity so it can be removed when it is no longer needed.