Azure-docs: Is the custom role “SQL Analytics Monitoring Operator” too permissive?

The doc suggests creating a custom role called “SQL Analytics Monitoring Operator”

Recognizing that some organizations enforce strict permission controls in Azure, find the following PowerShell script enabling creation of a custom role “SQL Analytics Monitoring Operator” in Azure portal with the minimum read and write permissions required to use Azure SQL Analytics to its fullest extent.

The code supplied then lists specific permissions to enable for Microsoft.SQL/servers/databases but then adds a wildcard blanket permission at the end. Is that intentional? Doesn't that defeat the purpose of limiting permissions to only those needed? If it was intentional, it seems far too permissive, and unusable for meeting the strict permissions requirement.

 $role.Actions.Add("Microsoft.SQL/servers/databases/read");
 $role.Actions.Add("Microsoft.SQL/servers/databases/topQueries/queryText/*");
 $role.Actions.Add("Microsoft.Sql/servers/databases/advisors/read");
 $role.Actions.Add("Microsoft.Sql/servers/databases/advisors/write");
 $role.Actions.Add("Microsoft.Sql/servers/databases/advisors/recommendedActions/read");
 $role.Actions.Add("Microsoft.Sql/servers/databases/advisors/recommendedActions/write");
 $role.Actions.Add("Microsoft.Sql/servers/databases/automaticTuning/read");
 $role.Actions.Add("Microsoft.Sql/servers/databases/automaticTuning/write");
 $role.Actions.Add("Microsoft.Sql/servers/databases/*");

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 77f273ec-aed5-1f65-0b6d-87240765d3e0
• Version Independent ID: d195959f-5742-7d94-f4f5-e70c0f0581e7
• Content: Azure SQL Analytics solution in Azure Monitor
• Content Source: articles/azure-monitor/insights/azure-sql.md
• Service: log-analytics
• GitHub Login: @danimir
• Microsoft Alias: danil