I am using a Service principle to create a Service Bus topic using Azure powershell New-AzServiceBusTopiccommand. The Service principle has a custom role assigned to it which has the Action/permission "Microsoft.ServiceBus/*" assigned to it. I am guessing this action means the principle has right to perform any operation on the Service bus including creating a topic.
However calling New-AzServiceBusTopic returns error "Operation returned an invalid status code 'Forbidden'". I can however call Remove-AzServiceBusTopic and remove any existing topic in the namespace.
What permission/action do I need to assign to the custom role to be able to create the topic?
I am looking at the set available permissions at https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftservicebus