![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 35%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Azure Cost Management
A Microsoft offering that enables tracking of cloud usage and expenditures for Azure and other cloud providers.
3,158 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 43%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Hi, Rich072
Hmm, you could create a Custom role instead of Billing Reader or Reader and deploy that custom role to Management Groups 2 and 3 - theoretically, that means anyone in the custom role shouldn't be able to see any resources or cost analysis for the other management groups.
Actually, Try to assign the Cost Management Reader role, at the management group 2 and 3 and test. That user should only be able to see the subscriptions within those 2 management groups.
If that fails to work, you can try a custom role, without the: Microsoft.Management/managementGroups/read
Anyone with Owner, Contributor rights at a higher level will still continue to see everything.