Do you have an idea or suggestion based on your experience with Azure reservations?

← Azure Reservations

Create the ability to give permissions to all subscription reservations to a single principle.

We would like to have the ability to give permissions to all Reservations within a single EA to a single principle. This would include Enterprise Applications, Users and Groups.

From what we can tell, when Azure created the Reservation capabilities in their platform, they introduced a new abstract layer of authorization strictly around the Reservations themselves. When reservations are created the only people allowed to view them are the Owner of the subscription that the Reservations were created within, and the user that actual purchased the reservation.

The primary limitation to this method is that there is no a way to create a group of principals and have that group automatically or programmatically be given permissions to all existing and future Reservations.

With the potential for Azure customers to have multitudes of subscriptions and multitudes of Reservations within those subscriptions, potentially purchased by multiple different users, there is not happy path to allow authorization to all of the reservation data.

A couple solutions that would make this easier to manage would be:
Creating 2 new directory roles that could be applied to any principal that cover all Reservations under a given directory:
Reservations Admin
Reservations Reader

Allow the ability to setup a Group to be applied to all future Reservations.
This would require some investigation and work to Authorize all existing Reservations, but would allow newly created ones to have a centralized method of authorization.

I'm sure there are potentially other methods that could simplify this problem and I am happy to jump on a call and provide further clarity or answer any questions.

31 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Jason Turner shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

4 comments

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Anonymous commented  ·   ·  Flag as inappropriate

    Has there been any update on this? You mentioned delivery by the end of last calendar year

  • Yashesvi Sharma commented  ·   ·  Flag as inappropriate

    Hi Folks - thanks for raising this feature. I am the PM for Azure RIs and can be reached at yashar[@]microsoft[dot]com

    We do have this feature in the backlog and we plan to deliver this before end of the calendar year. The approach that we are thinking of is that some billing roles will be able to see all RIs purchased in the org. Please reach out if you have any other inputs or suggestions.

  • Matthew Weaver commented  ·   ·  Flag as inappropriate

    This makes reporting RI costs to a common cost optimization platform difficult to impossible. The needs to be a better way.

Azure Reservations

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice