Hi,
I want to create a role which limits the entities available within a subscription. E.g if a subscription has 100 entities, I want to provide a role which has read acess to a subset only ( e.g those with a similar tag or within the same resource group)
I thought this could be done using the assignable scopes option, but when I try to add a scope for the resource group only the Custom Role does not appear in the subscription. IT allows me to add a scope for the subscription and the resource group, but that returns all entities in the subscription.
Is it possible to a have custom role within a subscription with assignable scope only containing a resource group?
Is there an alternative way to tackle this challenge?