I want to give a specific RBAC to a user so that he can create a NIC but not modify it. As a matter of fact, the aim is that he shouldn't have permission to change the dynamic IP to a static IP and change the IP address of the NIC.
I have checked the RBACs of NIC, but it seems that if he has the Microsoft.Network/networkInterfaces/write permission, he can create a network interface or update an existing network interface. So this RBAC is not as detailed as I want.
I have also tried to give all permissions but not Microsoft.Network/networkInterfaces/read. In that case, the NIC can be created but I can neither see the IP of the NIC nor SSH/RDP to the VM. So it is not a solution for me.
I have checked the built-in Azure Policies, but there isn't anything good for my needs.
Any idea?
It is not possible for someone to have permissions to create a resource but not edit it, as it is all contained under the write permission.
Your best bet would be to use Azure Policy to define a policy that doesn't allow static IP addresses.
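
An added example of the policy the answer suggests, not part of the original answer: a custom Azure Policy definition that flags or denies any network interface with at least one IP configuration set to static allocation. The display name and the two `ipconfigurations` alias names are assumptions; confirm the aliases against the Microsoft.Network alias list (for example with `Get-AzPolicyAlias`) before assigning it.

```json
{
  "properties": {
    "displayName": "Deny static private IP allocation on network interfaces",
    "description": "Added example. The two ipconfigurations aliases used in the rule are assumptions: confirm them against the Microsoft.Network alias list before assigning.",
    "policyType": "Custom",
    "mode": "All",
    "parameters": {
      "effect": {
        "type": "String",
        "allowedValues": ["Audit", "Deny"],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          { "field": "type", "equals": "Microsoft.Network/networkInterfaces" },
          {
            "count": {
              "field": "Microsoft.Network/networkInterfaces/ipconfigurations[*]",
              "where": {
                "field": "Microsoft.Network/networkInterfaces/ipconfigurations[*].privateIPAllocationMethod",
                "equals": "Static"
              }
            },
            "greater": 0
          }
        ]
      },
      "then": { "effect": "[parameters('effect')]" }
    }
  }
}
```

The `count` form matches when any one IP configuration is static, whereas a plain `equals` on the `[*]` alias only matches when every configuration is. The rule is evaluated on create and on update alike, so the user keeps the write permission and is refused only when the request sets static allocation; assigning with `Audit` first shows which existing NICs would be affected before switching to `Deny`.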