Is it better to configure IAM roles and policies from the resource group level perspective versus configuring them in from the account level perspective?

Is it better to configure IAM roles and policies from the Resource Group level versus configuring them in from the account level?

Resource Group level perspective:

Click on RG > IAM >policies, roles

Account level perspective:

Subscriptions > IAM > policies , roles

dsk