@JA I believe you would like to restrict access to users to ensure they do not modify or delete the endpoint right?
In this case you could add a custom role for read actions for the workspace or add a NotActions
list to disable delete or write actions. This page in the documentation should help to identify the roles that need to added under NotActions
.
You could also identify the roles available under Microsoft.MachineLearningService using the following CLI command and use the name field of all the write/delete actions in the NotActions
list of your custom role.
az provider operation show –n Microsoft.MachineLearningServices