RBAC Role for Reserved Instance creation WITHOUT Owner role on the Subscription
RBAC role created so a group can be added for the single purpose of Reserved Instance creation, without keys to the kingdom (Owner rights). Capacity and Procurement would not need such keys as they would only be creating RI’s, following Least Privilege Access.
Bolan, Richard commented
Yes, it would make sense for a role such as this to create/manage reservations. This would mean Owner rights do not need to be delegated needlessly.
Yashesvi Sharma commented
I am the PM for RI, what if we allow all billing admins to create RIs? Will that solve the problem in your case?