Allow PIM to be specific RG's or Resources in a subscription without multiple PIM Azure resource roles to get approval
Would possible to be able to setup PIM for members of a group to a custom role, but only to the resources that the custom role is assigned to so that the users only have to request 1 PIM access instead of several.
Currently, If I assign a role to a MGMT group, Subscription, Resource Group, or Resource, they show up as individual eligible roles for them to access.
I have a group of devs that we created a subscription for them, but they don't need to get access to specific RG's, or resources (NSG's, Route Tables, etc..). So to give them the access they need, they have to send it several PIM request each time they need to work on their environment.
Why couldn't we just select the subscription, and have the option to pick specific resources within that subscription and have them only have to PIM once?