Option to deploy all resource in single resource group with SP having contributor access to resource group level #124
Description
The accelerator currently assumes contributor access at subscription level. This may not be situation with customer projects most of time, they usually create resource group for specific function/environment and then deploy everything in that resource group which is logically related (either env or functionality). We have a similar use-case where customer won't give us subscription level access due to security constraints, instead they can provide resource group level contributor access.
Is it possible to restrict the permissions required for running this accelerator at-most to resource group level and not beyond that