Create more finger-grained RBAC to restrict users to add or remove specific roles.
I would like to create custom roles within Azure AD that provide more finger-grained RBAC actions than the current custom role options provide.
It would be great to be able to create custom roles to permit users to add and SPECIFIC remove roles to resources.
Example 1: Create a custom role that permits a user to add the “DevTest Labs User” role to the Lab they manage.
Example 2: Create a custom role that permits a user to add or remove only the “Contributor” role on a resource they manage, ensuring they are unable to remove owners or any other roles.