如何使自定义角色的范围在 Azure 中成为资源组?

我已经编写了用于创建用户，资源组和角色定义的terraform。

我需要使资源定义的范围是我创建的资源组。

我不知道该怎么做。如果有人能在这方面提供帮助，那就太好了。

########### for creating user ####
# Configure the Azure Provider
provider "azurerm" {
version = "~> 1.30"
subscription_id="723604be-b74b-4473-9d11-1802dbfdb787"
}
provider "azuread" {
version = "~> 0.4"
subscription_id="723604be-b74b-4473-9d11-1802dbfdb787"
}
resource "azuread_user" "test" {
user_principal_name = "user1@catch.whizlabstesting.com"
display_name        = "User1"
mail_nickname       = "User1"
password            = "Muneeshpandi@17"
force_password_change = "false"
}
##### creating resource group #####
resource "azurerm_resource_group" "terraform_rg" {
name = "user1_rgp"
location = "East US"
}
########## creating role definition ##########
data "azurerm_subscription" "primary" {}
resource "azurerm_role_definition" "sql_role" {
name        = "sql_role"
scope       = "data.azurerm_subscription.primary.id"
description = "This is a custom role to create sql database"
permissions {
actions     = ["*"]
not_actions = []
}
assignable_scopes =  [
"/subscriptions/723604be-b74b-4473-9d11-1802dbfdb787/resourceGroups/user1_rgp"
]
}

执行上述代码时出现以下错误：

错误：授权。角色定义客户端#创建或更新：响应请求失败：状态代码 = 404 -- 原始错误：autorest/azure：服务返回错误。状态 = 404 代码="缺少订阅" 消息="请求没有订阅或有效的租户级别资源提供程序。

如何使自定义角色的范围在 Azure 中成为资源组？