Manage access to billing information for Azure
For most subscriptions, you can give billing information access to members of your team from Subscriptions in the Azure portal. If you're an Azure customer with an Enterprise Agreement (EA customer) and are the Enterprise Administrator, you can give permissions to the Department Administrators and Account Owners in the Enterprise portal.
Give access to billing
All except EA customers can grant access to Azure billing information by assigning one of the following user roles to members of your team:
- Account Administrator
- Service Administrator
- Billing Reader
To assign roles, see Manage access using RBAC and the Azure portal.
Those roles have access to billing information in the Azure portal. People that are assigned those roles can also use the Billing APIs to programmatically get invoices and usage details. For more information, see Roles in Azure RBAC.
Allow users to download invoices
After you assign the appropriate roles to members of your team, the Account Administrator must turn on access to download invoices in the Azure portal. Invoices older than December 2016 are available only to the Account Administrator.
Sign in to the Azure portal.
As the Account Administrator, select your subscription from the Subscriptions blade in Azure portal.
Select Invoices and then Access to invoices.
Select On and save.
The Account Administrator can also configure to have invoices sent via email. To learn more, see Get your invoice in email.
Give read-only access to billing
Assign the Billing Reader role to someone that needs read-only access to the subscription billing information but not the ability to manage or create Azure services. This role is appropriate for users in an organization who are responsible for the financial and cost management for Azure subscriptions.
If you're an EA customer, an Account Owner or Department Administrator can assign the Billing Reader role to team members. But for that Billing Reader to view billing information for the department or account, the Enterprise Administrator must enable AO view charges or DA view charges policies in the Enterprise portal.
The Billing Reader feature is in preview, and does not yet support non-global clouds.
Sign in to the Azure portal.
Select your subscription from the Subscriptions blade in Azure portal.
Select Access control (IAM).
Select Role assignments to view all the role assignments for this subscription.
Select Add role assignment.
In the Role drop-down list, choose Billing Reader.
In the Select textbox, type the name or email for the user you want to add.
Select the user.
After a few moments, the user is assigned the Billing Reader role at the subscription scope.
The Billing Reader receives an email with a link to sign in.
Allow Department Administrator or Account Owner billing access
The Enterprise Administrator can allow the Department Administrators and Account Owners to view usage details and the costs associated to the Departments and Accounts that they manage.
- As the Enterprise Administrator, sign in to the EA portal.
- Select Manage.
- Under Enrollment, change the DA view charges to Enabled for the Department Admin to view usage and costs.
- Change AO view charges to Enabled for the Account Owner to view usage and costs.
For more information, see Understand Azure Enterprise Agreement administrative roles in Azure.
Only Account Admins can access Account Center
The Account Administrator is the legal owner of the subscription. By default, the person who signed up for or bought the Azure subscription is the Account Administrator, unless the subscription ownership was transferred to somebody else. The Account Administrator can create subscriptions, cancel subscriptions, change the billing address for a subscription, and manage access policies for the subscription from the Account Center.
- Users in other roles, such as Owner or Contributor, can access not just billing information, but Azure services as well. To manage these roles, see Manage access using RBAC and the Azure portal.
- For more information about roles, see Built-in roles for Azure resources.
Need help? Contact us.
If you have questions or need help, create a support request.
Send feedback about: