@Ryan Ruenroeng Thanks for your follow-up questions on this.
I have tried to reproduce the same behavior in my own subscription by creating a user with Reader permission at subscription level and Contributor permission at Resource group level when we tried to deploy the function app from visual studio the Create option in publish profile is greyed out.
- If you have
Contributor
permission at Resource group level, and if you want to create a function app (irrespective of SKU like consumption, elastic premium or dedicated app service plan) you need to have the permissionsWebplan contributor
and alsoStorage Account contributor`
along withContributor
access on resource group.
- Since you have the contributor access at resource group level, you can ignore the Reader permission to that specific user at subscription level.
- If you have Contributor permission at subscription level, you can create the function app directly.
- If you want to limit the specific user to create a function app at subscription level or at resource group level you can limit the permissions by creating a custom role including permissions (Microsoft.Web/serverfarms/Write,Microsoft.Web/serverfarms/Write etc.,) by referring to the Resource Provider Operations Documentation
- Regarding the documentation change I would request you to raise a feedback request on the same documentation by click the feedback this page option at the bottom of the documentation as shown below
Feel free to reach back to me if you have any further questions on this.