Azure identity management is set as AAD. All user configuration and permissions rely on directory roles. You can see all enabled roles when looking at the user itself in Azure AD:
Around 70 default directory roles are available and can be enabled easily. This list may vary, depending on the enabled resource provided:
By showing the permissions of a role, you will see all features a role member can fulfill in Azure:
Configuring roles in Azure is quite easy, as you will need to set them up through the Access control (IAM) entry for a resource or resource group. If your requirement for a role is not available in Azure, you have the chance to set up your own role definition as RBAC. For example, if you will need to have a role that is a contributor, not all features that are allowed by default need to be enabled (for instance, deleting a virtual machine). Therefore, setting up the custom role is a configuration need:
The following JSON shows an example for a custom RBAC...