Improved RBAC roles for API Management
Right now, Azure RBAC only has 3 API Management specific roles defined: API Management Service Contributor, API Management Service Operator and API Management Service Reader.
These are OK, but they are not enough for many customers. In particular, many customers require giving developers or architects permissions to define and manage APIs without touching anything else (i.e no product, security, or similar configurations).
While this is potentially possible to do using custom RBAC roles, doing so in a way that keeps everything working correctly and that does not break when the PG changes the way the portal works is non-trivial.
So having a role that grants that level of behavior without forcing the user to grant full contributor role would be very nice.
We also need API View-Only Role for PROD, where business can come and View their API Configurations and the related Analytics. But no access to view the other configurations (VNet, Custom Domains, Protocols etc), also NO Access to TEST the APIs in PROD.