RBAC Role for Reserved Instance creation WITHOUT Owner role on the Subscription
RBAC role created so a group can be added for the single purpose of Reserved Instance creation, without keys to the kingdom (Owner rights). Capacity and Procurement would not need such keys as they would only be creating RI’s, following Least Privilege Access.
Now you can add users with “Reservation Purchaser” RBAC role on subscription and enable them to purchase without being a subscription owner.
Janke, Joel commented
Sweet...sure hope this allows all reservations to be managed by a user in the role.
Customers often need to allow a guest user or an application to handle RIs as a managed service. So billing user would not be appropriate. You already have the manage.capacity permissions. Ideally that would be the best way to assign permissions.
Has there been any movement on this? I see Yashevsi's response and billing admin would match our needs. It's insane to make someone an owner just to buy RIs.
Ibrahim OK commented
We are exteremly need for this update on our Azure tenant. We need a built in role for reservation operations
Tim Wanierke commented
Is there any update available. We also want to delegate the creation of reserved instances to a non-SubscriptionOwner role.
Rajesh Kumar Nagapuri commented
It's a big road block for our company. we where in assumption RBAC is available for everything.
we asked our developer to build a portal to making reservation orders and showcase on dashboard to Leaders in savings.
Tool is ready, but because of RBAC not available and security rejected our request to get "Owner" role. Now our complete tool got wasted. :(
Rao Delliker commented
I have checked all azure builtinroles but did not find any Billing admin built in role at all. Can any kindly share me link of it ? Thanks
Billing admin role would be perfect
Ken Henderson commented
@Yashesvi Sharma we have this issue currently - billing teams have a need to access RI pricing and manage RI purchases, but they should not be Owners of the subscriptions.
@yashevi Sharma - yes billing admins are the appropriate role for this, generally it is a product owner or delivery function rather than azure admins.
Dan Klinger commented
Could you tell us what permission grants RI purchase access so we can create our own custom role for it?
Also, I think billing admins would be fine.
Bolan, Richard commented
Yes, it would make sense for a role such as this to create/manage reservations. This would mean Owner rights do not need to be delegated needlessly.
Yashesvi Sharma commented
I am the PM for RI, what if we allow all billing admins to create RIs? Will that solve the problem in your case?