Regarding the template request, I'd suggest to specify that the write permissions are usually given by assigning the "Contributor" role to the c_cloud account.
The role named "Contributor" will be clear to everyone, because it's a pre-defined role in Azure which will always exist and cannot be modified
Flavio Vecellio (cloud engineer) 's suggestion: