
Least Privilege Role to start/stop VM in Azure


Is there any standard role that gives privileges to start/stop Virtual Machines in an Azure resource group without also giving creation privileges or privileges to modify existing resources? I didn't find one in the documentation; is the only solution to create custom roles?


Solution

  • Yes, the only solution is to create a custom role. Sample PowerShell:

    $subs = Get-AzureRmSubscription
    
    # Resource start\stop role
    $role = Get-AzureRmRoleDefinition "Virtual Machine Contributor"
    $role.Id = $null
    $role.Name = "Resource Start/Stop (Scheduled)"
    $role.Description = "Can read\start\stop VMs"
    $role.Actions.Clear()
    $role.Actions.Add("Microsoft.Compute/virtualMachines/deallocate/action")
    $role.Actions.Add("Microsoft.Compute/virtualMachines/read")
    $role.Actions.Add("Microsoft.Compute/virtualMachines/restart/action")
    $role.Actions.Add("Microsoft.Compute/virtualMachines/start/action")
    $role.AssignableScopes.Clear()
    $subs | ForEach-Object {
        $scope = "/subscriptions/{0}" -f $_.Id
        $role.AssignableScopes.Add($scope)
    }
    $def = New-AzureRmRoleDefinition -Role $role
    

    You can remove the restart action if you don't need to restart VMs.
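
A check that a start/stop role like the one above stays least-privilege over time, as an added example that is not part of the original answer. `Test-VmOperatorRole` is a hypothetical helper name, and the sample role objects and the all-zero subscription ID are constructed so the script runs offline.

```powershell
# Added example: audit a role definition against the four actions used in the answer.
function Test-VmOperatorRole {
    param(
        [Parameter(Mandatory)] $Role,   # object with Name, Actions, AssignableScopes
        [string[]] $Allowed = @(
            'Microsoft.Compute/virtualMachines/read',
            'Microsoft.Compute/virtualMachines/start/action',
            'Microsoft.Compute/virtualMachines/restart/action',
            'Microsoft.Compute/virtualMachines/deallocate/action'
        )
    )
    $findings = @()
    foreach ($action in $Role.Actions) {
        if ($action -match '\*') {
            $findings += "wildcard action: $action"
        } elseif ($action -match '/(write|delete)$') {
            $findings += "modifying action: $action"
        } elseif ($Allowed -notcontains $action) {   # comparison is case-insensitive
            $findings += "action outside allowlist: $action"
        }
    }
    foreach ($scope in $Role.AssignableScopes) {
        if ($scope -eq '/') { $findings += 'assignable at root scope' }
    }
    [pscustomobject]@{
        Role      = $Role.Name
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Constructed sample data: the role as defined in the answer, and a drifted copy.
$sub  = '/subscriptions/00000000-0000-0000-0000-000000000000'   # placeholder ID
$good = [pscustomobject]@{
    Name             = 'Resource Start/Stop (Scheduled)'
    Actions          = @('Microsoft.Compute/virtualMachines/deallocate/action',
                         'Microsoft.Compute/virtualMachines/read',
                         'Microsoft.Compute/virtualMachines/restart/action',
                         'Microsoft.Compute/virtualMachines/start/action')
    AssignableScopes = @($sub)
}
$drifted = [pscustomobject]@{
    Name             = 'Resource Start/Stop (drifted copy)'
    Actions          = $good.Actions + 'Microsoft.Compute/virtualMachines/write' +
                       'Microsoft.Compute/virtualMachines/*'
    AssignableScopes = @('/')
}
$good, $drifted | ForEach-Object { Test-VmOperatorRole -Role $_ } | Format-List
```

Against a live subscription, pass the real definition instead of the samples: `Test-VmOperatorRole -Role (Get-AzureRmRoleDefinition "Resource Start/Stop (Scheduled)")`.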