Instead of defining the detailed access requirements for each individual, and then updating access requirements when new resources are created, Azure enables you to control access through Azure role-based access control (Azure RBAC).
Azure provides built-in roles that describe common access rules for cloud resources. You can also define your own roles. Each role has an associated set of access permissions that relate to that role. When you assign individuals or groups to one or more roles, they receive all of the associated access permissions.
Role-based access control is applied to a scope, which is a resource or set of resources that this access applies to.
Here’s a diagram that shows the relationship between roles and scopes:
Use Azure RBAC when you need to: