Sometimes RBAC built-in roles can give too much or too little privileges for a user. Any time you wanted to grant something custom, you had to resort to the command-line or the ARM API.
That’s in the past. Today in Public Preview this functionality is available through the Azure Portal.
Check out the documentation here.