RBAC Role for Reserved Instance creation WITHOUT Owner role on the Subscription
RBAC role created so a group can be added for the single purpose of Reserved Instance creation, without keys to the kingdom (Owner rights). Capacity and Procurement would not need such keys as they would only be creating RI’s, following Least Privilege Access.
Rajesh Kumar Nagapuri commented
It's a big road block for our company. we where in assumption RBAC is available for everything.
we asked our developer to build a portal to making reservation orders and showcase on dashboard to Leaders in savings.
Tool is ready, but because of RBAC not available and security rejected our request to get "Owner" role. Now our complete tool got wasted. :(
Rao Delliker commented
I have checked all azure builtinroles but did not find any Billing admin built in role at all. Can any kindly share me link of it ? Thanks
Billing admin role would be perfect
Ken Henderson commented
@Yashesvi Sharma we have this issue currently - billing teams have a need to access RI pricing and manage RI purchases, but they should not be Owners of the subscriptions.
@yashevi Sharma - yes billing admins are the appropriate role for this, generally it is a product owner or delivery function rather than azure admins.
Dan Klinger commented
Could you tell us what permission grants RI purchase access so we can create our own custom role for it?
Also, I think billing admins would be fine.
Bolan, Richard commented
Yes, it would make sense for a role such as this to create/manage reservations. This would mean Owner rights do not need to be delegated needlessly.
Yashesvi Sharma commented
I am the PM for RI, what if we allow all billing admins to create RIs? Will that solve the problem in your case?