![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 49%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECL%3C/text%3E%3C/svg%3E)
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 14.000000000000002%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPK%3C/text%3E%3C/svg%3E)
Thank you for contacting Microsoft Q&A forums .
Let me break my response in three parts :
1) In an IaaS world ,We have three major components of an VM : VM, NIC, Storage .
If you try to delete the VM from portal or any means you will still have the VNIC and OS disk in the RG/Subscription.
Hence for all the CRUD operations on the VM a user should be having access to Compute{VM}, Networking{VNIC} , Storage{OS Disk} .
Speaking of your use case if you give the user permissions at the VNIC as Network contributor ,
The command will still fail saying that user doesn’t have permissions on the OS Disk.
So you will need to add the contributor level access on the OS Disk as well .
2) Coming to your second question of how this operation works in portal and doesn’t work in Azure CLI/PowerShell ?
The API’s behind the portal and CLI are different , Hence we see multiple features in either of them based on availability .
We are trying hard to ensure that all the mediums reach to a point where they act similarly .
3) Honestly speaking we are not aware of any tweaks that could by pass the RBAC Policies .
I am trying out few more possibilities and will get back to you soon.