role access problem , Error :RBACAccessDenied

Lucas Duran 0 Reputation points

Hello cumunnity, im new here and i have a question about this access problem.
I create an app from my Azure AD, this app i used for read the costs of billings account, i use this API query usage :
when i send this request :{{billing_account}}/providers/Microsoft.CostManagement/query?api-version=2023-03-01 i have this response:

    "error": {
        "code": "RBACAccessDenied",
        "message": "The client does not have authorization to perform action. Request ID: 98c2999a-5964-483f-b8d6-3f2a024fe915"

From my billing account i add the access to my app, the acces i add is : Cost management reader and Cost management contributor, but the problem persist and i not find a solution for this, i need your help, thank u for the read.

Azure Cost Management
Azure Cost Management
A Microsoft offering that enables tracking of cloud usage and expenditures for Azure and other cloud providers.
2,312 questions
{count} votes

1 answer

Sort by: Most helpful
  1. SadiqhAhmed-MSFT 40,911 Reputation points Microsoft Employee

    Hello @Lucas Duran Thank you for contacting us on Microsoft Q&A Platform. Happy to help!

    I understand that you created an app from Azure AD, to read the costs of billings accounts. However, it errors out as ""RBACAccessDenied". This implies that there is a permission issue that we need to fix to run the API query successfully.

    If the link you posted is the one that you used, then I believe this billing account is an EA billing account. 

    In that case, since the scope is billing account, so the traditional RBAC role won’t work since you will need Enrollment Reader role on the SPN. This can only be done via calling API.

    You can find the official document here:

    Hope this helps. Let us know if you need further assistance in this matter!

    If the response helped, do "Accept Answer" and up-vote it

    0 comments No comments