Fix Reservations IAM
As the Account Administrator for my enrolment, I have no view of RIs which have been provisioned under the enrolment by default unless “Owner” access is explicitly provided by the “Contributor” who purchased the RI.
In effect, I have no ability to manage RI resources by default; and I may potentially not even know of their existence until I receive the quarterly invoice.
Please make the RIs accessible as per the standard IAM policy which applies to all other Azure resources (ie. Account and Service Administrators by default can view).
The Azure Doc (link below) states that "By default, the person that bought the reservation and the account administrator have the Owner role on the reservation."
In our case, this was not the case, as such I believe this is a bug.
Rich Davies commented
Equally, it should be possible to have a RBAC role for purchasing reserved instances which doesn't require the purchaser to be an Admin for the subscription. Purchase of RI should be fundamentally a billing activity. I don't want my billing people to be admins of every subscription: what happened to the principle of least privilege.
Hello, I am on the reservation team. Thanks for the feedback, we have this feature in the backlog. Regarding your specific issue, can you please reach out to me at yashar[@]microsoft[dot]com