Hi @Yugesh KC
If a user is provided with access at a management group / subscription or resource group level, their permissions are inherited for all child objects underneath it. Therefore if a user is granted owner rights at the root management group, they have owner rights across everything.
https://learn.microsoft.com/en-us/azure/role-based-access-control/overview
Using this model assumes that you have granted people explicit permissions. One way around this is to build your access model using privileged identity management. Using this method you can build a granular permissions model that only allows a user or group of users permissions to perform actions over Azure AD or Azure Resources for a limited time and scope. Also you can extend this out, so people have to approve the permissions first, such as making the client a member of the approvers group.
Depending on your business model, however you are being billed can be aggregated by management group, subscriptions, resources etc and you can work out the chargeback internally. There is also the Microsoft Partner agreement billing for multiple billing accounts which may suit your requirements. https://learn.microsoft.com/en-us/azure/cost-management-billing/understand/mpa-overview
I hope this helps provide you with the information you need. If it does, please make sure to mark the question as answered so it helps other people in future.
Kind regards
Alistair