Is there a built-in Azure role(s) that will accomplish the following:
- Create any Azure resource
- Apply permissions to any Azure resource
- Not have read access to resources unless explicitly granted
Specifically, I am referring to a file share in a storage account. I would like to have a security "role" be able to do all of the above, but don't want them to be able to access the data in a file share unless they are explicitly granted permissions. There is a file share that would contain confidential documents that they security "role" should not be able to access, and yes I know that the "role" could easily just give themselves access to that share if they really wanted to.