Azure Resource Manager allows creating custom roles that can be assigned to users, groups, or service principals.
A custom role that grants access to all resources of a subscription will have the same capabilities as the built-in Owner role.

It's recommended to limit the number of subscription owners in order to mitigate the risk of being breached by a compromised owner.
Having a custom role that grants subscription Owner capabilities makes it way more difficult to enforce this limitation.

This rule raises an issue when a custom role has an assignable scope set to a Subscription or a Management Group and allows all actions (``++*++``)