Hi,
In my subscription, every user has the owner role on subscription level. Also, a few users also have the app admin role on subscription level. I want to make specific defined roles for my development team (two people) in the production resource group where they can do all of:
- deployment for VMs;
- deletion of VMs;
- creation of security groups etc.
Only those two users from our team should have access to do the actions mentioned above in our production resource group. No other user should have a role that gives access to see/modify/change the deployment environment in our production resource group. This is available for the production resource group only.
For the remaining users in the team, the dev team will deploy another resource group (a testing one) where we can also have the development access: we can deploy, create and modify objects.
Our scope is to protect the production resource group.
So we should have two resource groups in the end:
- one for production (where only two people in the team can have access and deploy/modify, and the rest of the team cannot have access)
- a second one for testing purposes, where all colleagues in the team can deploy, create, modify objects
We need to do this while still keeping our app administrator roles active.
I understand that we need to change our roles from subscription level to resource group level. But how can I do that? Can you guide me through how I can achieve the above?
Thank you very much!


