Hi, First
You will have to create your own Custom Role and assign it to the Resource Group.
{
"Name": "Snapshot Creator",
"IsCustom": true,
"Description": "Allows users to create snapshots for a specific VM.",
"Actions": [
"Microsoft.Compute/snapshots/write",
"Microsoft.Compute/virtualMachines/read"
],
"NotActions": [],
"DataActions": [],
"NotDataActions": [],
"AssignableScopes": []
}
You could start with the Disk Snapshot Creator role as a base, then add the, Microsoft.Resources/deployments/validate/action action to it, and the Resource Group read role to it*,* and tweak it for your needs*.*