The default Cloud Shell will attempt to create new Resource Group if one does not exist.
For user that needs cloud shell, but does not have contributor privileges for the subscription, you can create separate resource group and give limited permissions to benefit from the functionality:
With following permissions you can let low privileged user to have cloud shell:
- Reader on the resource group
- Contributor on per user storage account
Create Cloud Shell
After creation of the file share user can open cloud shell