# permissions for end users to edit resourcegroups. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: resourcegroup-editor-role rules: - apiGroups: - microsoft.resources.azure.com resources: - resourcegroups verbs: - create - delete - get - list - patch - update - watch - apiGroups: - microsoft.resources.azure.com resources: - resourcegroups/status verbs: - get