In my organization, there are 2 policies:
- Users have to be ‘Owner’ on the Resource Group (RG) before they can create a Virtual Network.
- Users have to be ‘Owner’ on the RG to delete the RG.
Policy 1 is achieved: I used ‘azurerm_role_assignment’ to assign the ‘Owner’ role, and this depends on the creation of the RG.
Policy 2 is failing: while running ‘destroy’, the role assignment is deleted before the RG, and when Terraform tries to delete the RG last, it fails with the error ‘does not have authorization to perform action’.
Is there any solution to my problem that I am missing or not aware of?
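The ordering failure described in the post follows from how Terraform destroys: dependents go first, so a role assignment scoped to the RG is always removed before the RG it depends on. The configuration below is an added example (not the poster's code) showing one way out: give the identity that runs Terraform the RG-delete permission through an assignment at subscription scope, and make the RG depend on that assignment, so the RG is destroyed while the permission still exists. All names, the custom role, the `user_object_id` variable, and the region are assumptions; it assumes the Terraform identity may create role assignments at subscription scope (e.g. holds User Access Administrator there) but does not already hold Owner there, since otherwise the error would not occur.

```hcl
# Added example, not from the original post. Names, IDs and the custom
# role are assumptions; the point is the dependency chain, which fixes
# the order in which Terraform destroys the resources.

variable "user_object_id" {
  description = "Object ID of the user who must be Owner on the RG (assumed)"
  type        = string
}

data "azurerm_client_config" "current" {}
data "azurerm_subscription" "current" {}

# Custom role carrying only the permission the deployer needs on destroy.
resource "azurerm_role_definition" "rg_deleter" {
  name  = "example-rg-deleter" # assumed name
  scope = data.azurerm_subscription.current.id

  permissions {
    actions = ["Microsoft.Resources/subscriptions/resourceGroups/delete"]
  }

  assignable_scopes = [data.azurerm_subscription.current.id]
}

# Subscription-scoped assignment for the identity running Terraform.
# Nothing it depends on is created later, so on destroy it is removed last.
resource "azurerm_role_assignment" "deployer_can_delete_rgs" {
  scope              = data.azurerm_subscription.current.id
  role_definition_id = azurerm_role_definition.rg_deleter.role_definition_resource_id
  principal_id       = data.azurerm_client_config.current.object_id
}

resource "azurerm_resource_group" "example" {
  name     = "rg-example" # assumed name
  location = "westeurope" # assumed region

  # Destroy order is the reverse of dependency order: the RG is deleted
  # while the deployer's subscription-scoped assignment still exists.
  depends_on = [azurerm_role_assignment.deployer_can_delete_rgs]
}

# Policy 1: the user is made Owner on the RG before the VNet is created.
# This assignment is scoped to the RG, so it is destroyed before the RG,
# which is fine because the deployer no longer relies on it.
resource "azurerm_role_assignment" "user_owner_on_rg" {
  scope                = azurerm_resource_group.example.id
  role_definition_name = "Owner"
  principal_id         = var.user_object_id
}

resource "azurerm_virtual_network" "example" {
  name                = "vnet-example" # assumed name
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["10.0.0.0/16"]

  depends_on = [azurerm_role_assignment.user_owner_on_rg]
}
```

On `terraform destroy` the walk is VNet, then the user's Owner assignment, then the RG, and only then the deployer's subscription-scoped assignment and the custom role, so the RG deletion is authorized. The design choice is that the identity running Terraform never bootstraps its own rights from a resource inside the same configuration; the permission it needs to tear things down lives at a scope that outlives them.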