...
Log in to the Azure portal.
Navigate to Subscription and click Access Control (IAM) on the navigation bar.
Click Add > Add custom role as shown below.
The Create a Custom Role wizard is displayed.On the Basics tab, enter a unique custom role name.
Click the JSON tab, and then click Edit.
Delete the existing JSON text.
Copy the text from the CustomRole_DeploymentUser.json file from the Installation files folder, which contains the required permissions, and paste it into the JSON textbox.
Replace the {Subscription_ID} with the respective Subscription Id.
Replace the value of roleName with the Custom role name value provided in Step 4.
Click Save. The JSON automatically assigns the required permissions.
Click on Review + Create. Then click Create. The custom role is created.
...