As you know, access to Azure subscriptions and resources is managed using Role Based Access Control (RBAC).
While Microsoft is providing a lot of out the box RBAC roles, sometime you may need to create a custom role with very specific permissions to access subscriptions and resource groups.
In the past, this ability to create custom role was only available using command line tools (like PowerShell or Azure Cli).
Well, now you can also use the Azure portal to create a custom role.
Access your Azure portal (https://portal.azure.com/) and then search for Subscriptions, select the subscription you want to create the custom role for and finally access the Access Control blade
NOTE you can also do it from the same Access Control blade at the resource group level
From there you will have the ability to create your custom role.
You can create a new role from scratch, clone an existing role (including built in ones) or use a JSON file
If you have multiple subscriptions (or resource groups) and want to also make this new custom role available to the other ones, you can add additional subscription by adding new scope