Rbac: hide resources that users don't have read permissionsome for
Example: Today if you create a custom permissions role and don't assign a user read to Microsoft.Compute/virtualMachines a user is still able to complete the wizard to create a new vm, once the deployment is submitted the deployment returns that the user doesnt have the correct permissions.
It would be preferred that the user can not access the blade to deploy a new vm.
We’re adding more validation to the blade to avoid this. Thanks for the feedback.
This would be a great enhancement in Portal usability