@arun kumar
Thank you for follow up on this!
Since you're assigning RBAC roles at the Subscription level and have a few users that only need to work on SQL VMs and no other VMs within the same Subscription. You can look into leveraging the Azure deny assignments feature to block users/groups from performing specific Azure resource actions, even if a role assignment grants them access. Additionally, you can also leverage Azure custom roles to create a role that meets your needs when it comes to user access.
Additional Link:
Best practices for Azure RBAC
I've also added azure-sql-virtual-machines
tag to this thread so their community can look into the specific admin access within a Linux SQL VM, since admin permissions within a VM aren't controlled via RBAC.
,
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.