Hey everyone! I'm looking for some insight about the relationship between Microsoft partners and Azure reservations. My client wants to set up reservations to reduce their VM expenses, but their partner has created separate subscriptions for this. They claim they need Owner-level access to make the reservations, which has me feeling a bit uneasy. The client is worried about security since being an owner gives them control over all resources. Is this standard practice? Can we restrict their ownership or manage permissions in a different way?
2 Answers
Yup, the Reservation Purchaser role is the way to go if they're looking to buy reservations. It has all the necessary permissions without giving full ownership powers.
It sounds like you're dealing with CSP subscriptions. You should definitely talk to your partner about the RBAC roles eligible for Partner Earned Credit (PEC). Just to clarify, being an Owner isn't necessary to purchase reservations. There’s a specific Reservation Purchaser role designed for that, which doesn't require full Owner access. This could be a safer option for your client.
Absolutely! It's also worth mentioning that the minimum for PEC is Support Request Contributor. It's a more secure role that only lets the CSP raise support tickets, keeping things safe.
It's true! Reservations don't earn PECs even when a partner buys them. It's all a bit confusing but it's good to know that there are roles that allow purchases without full ownership.