How can we improve Azure Signup and Billing?

Fix Reservations IAM

As the Account Administrator for my enrolment, I have no view of RIs which have been provisioned under the enrolment by default unless “Owner” access is explicitly provided by the “Contributor” who purchased the RI.

In effect, I have no ability to manage RI resources by default; and I may potentially not even know of their existence until I receive the quarterly invoice.

Please make the RIs accessible as per the standard IAM policy which applies to all other Azure resources (ie. Account and Service Administrators by default can view).

The Azure Doc (link below) states that "By default, the person that bought the reservation and the account administrator have the Owner role on the reservation."

In our case, this was not the case, as such I believe this is a bug.

Ref: https://docs.microsoft.com/en-us/azure/billing/billing-manage-reserved-vm-instance#add-or-change-users-who-can-manage-a-reservation

32 votes
Vote
Sign in
(thinking…)
Password icon
Signed in as (Sign out)
You have left! (?) (thinking…)
Tak Truong shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

2 comments

Sign in
(thinking…)
Password icon
Signed in as (Sign out)
Submitting...
  • Rich Davies commented  ·   ·  Flag as inappropriate

    Equally, it should be possible to have a RBAC role for purchasing reserved instances which doesn't require the purchaser to be an Admin for the subscription. Purchase of RI should be fundamentally a billing activity. I don't want my billing people to be admins of every subscription: what happened to the principle of least privilege.

Feedback and Knowledge Base