Hello George Lee
Welcome to Microsoft Q&A Platform, thanks for posting your query here.
To create a resource group, you need to have the "Contributor" or "Owner" role assigned to your account. If you are unable to create a resource group, it is possible that the Owner role has set up custom role-based access control (RBAC) policies that restrict your permissions.
To create a VM, you need to have the "Virtual Machine Contributor" role assigned to your account. This role allows you to create and manage virtual machines, but does not give you permission to create or manage resource groups.
If you are unable to create a resource group or a VM, you may need to contact the Owner role or an Azure administrator to request additional permissions. The least privilege role for creating a VM is the "Virtual Machine Contributor" role.
Yes, there is documentation available that can help you determine what role you need to create certain resources.
The Azure documentation provides a list of built-in roles that you can use to assign permissions to users, groups, and applications. Each role has a set of permissions that determine what actions can be performed on Azure resources.
You can find more information about these roles in the Azure documentation:
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles
In addition to the built-in roles, you can also create custom roles that are tailored to your specific needs.
I hope this helps.