Enhance examples and documentation for role assignments, adding scenarios for multiple principals and role constraints

examples/scenario-1.tf

@@ -0,0 +1,48 @@
+# Scenario: Multiple principals with different role assignments at the same scope
+
+variable "principals" {
+  type = map(object({
+    principal_name   = string
+    principal_type   = string
+    roles            = list(string)
+    delegable_roles  = optional(list(string))
+    restricted_roles = optional(list(string))
+  }))
+
+  default = {
+    principal1 = {
+      principal_name = "sp-principal1"
+      principal_type = "User"
+      roles          = ["Reader"]
+    }
+    principal2 = {
+      principal_name = "sg-admins"
+      principal_type = "Group"
+      roles          = ["Contributor"]
+    }
+    principal3 = {
+      principal_name = "john.doe@example.com"
+      principal_type = "User"
+      roles          = ["Owner"]
+      restricted_roles = [
+        "Owner",
+        "User Access Administrator",
+        "Role Based Access Control Administrator"
+      ]
+    }
+  }
+}
+
+module "simple_iam" {
+  source = "../modules/terraform-azurerm-simple-iam"
+
+  scope          = data.azurerm_subscription.current.id
+  principal_id   = each.value.principal_id
+  principal_type = each.value.principal_type
+  roles          = each.value.roles
+
+  delegable_roles  = try(each.value.delegable_roles, [])
+  restricted_roles = try(each.value.restricted_roles, [])
+
+  for_each = var.principals
+}