SQL Managed Instance Contributor does not meet Segregation of Duty requirements
The newly SQL Managed Instance Contributor has ability to create and change Network Resources as Network Security Groups or Route Tables. Due to the fact that these Resources are of high importance regarding Network Security Segregation of Duties must be in place to segregate Database Operations from Network Operations.
The current SQL Managed Instance Contributor role breaches this wall and Database Operations would be able to change Network Security related resources.
Please amend the role so that Network Resources are handled either transparent or via a different role.