@Bueyuekgebiz, Rahmiye Buesra (T CST SEL-DE)
Thank you for posting this in Microsoft Q&A.
For the first part of your query, it is handled by the Azure Policy team. You can create another thread with the "Azure Policy" tag.
About the other part of your query, we can only assign the permissions "write/modify/delete" after creating a resource group. After creating the resource group, you can assign whichever specific permission is required.
As you do not want to manually assign permissions to users, you can make use of the PIM feature in Azure. With this feature you can have users activate the permission. Once there is a permission activated, there is a request that gets generated for application, and you just have to approve the request.
https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-configure
Let me know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.