Restrict Account and Service Admin rights for cancelling a subscription
I believe that my request or idea is similar to the the topic "Splitting management group rights from subscription rights".
I understand that an user with the role of Account and/or Service Admin can cancel or transfer an Azure subscription. This action can cause a business continuity impact and I want to restrict this capability under the "Four Eyes Principle" or "Segregation of Duties". Is it possible? Currently I think that this feature is not available, thus making the entire designed RBAC model at the lower scopes potentially useless.
Thanks for the feedback. Account / Service Admins are classic administration roles that are outside of the ARM RBAC Model. They have equivalent RBAC roles like “Owner”. Management Groups are ARM Resources which means they do not look or govern the classic roles.
While we have no plans to support governing classic roles, I will keep this item open as unplanned.