Only View Budgets For My Assigned Scope
As a subscription owner, I created budgets for 2 resource groups (let's call them Resource Group 1 and Resource Group 2). I then created a new Azure AD user (email@example.com) and assigned him the Cost Management Reader role on Resource Group 1. I was surprised that when logged in as this user, when viewing the parent Subscription scope in the Budgets tab, I was able to see the budgets for both Resource Group 1 and Resource Group 2 (Even though the logged in user doesn't have any RBAC access to the subscription or Resource Group 2). I feel you should only be able to see budgets at a scope that you have RBAC access to (either the resource itself or a parent resource). Organizations will NOT want different groups to see the budgets or other groups as some groups may have higher budgets that they don't want to advertise. I wasn't sure if this was a bug, as designed, or if I'm doing something wrong.