Billing Permissions - Check Access By Invoice Section

Service:: Billing

API Version:: 2024-04-01

Provides a list of check access response objects for an invoice section.

POST https://management.azure.com/providers/Microsoft.Billing/billingAccounts/{billingAccountName}/billingProfiles/{billingProfileName}/invoiceSections/{invoiceSectionName}/checkAccess?api-version=2024-04-01

URI Parameters

Name	In	Required	Type	Description
billingAccountName	path	True	string pattern: ^([0-9]+\|([Pp][Cc][Nn]\.[A-Za-z0-9]+)\|[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}(:[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}_[0-9]{4}(-[0-9]{2}){2})?)$	The ID that uniquely identifies a billing account.
billingProfileName	path	True	string pattern: ^[a-zA-Z\d-_]{1,128}$	The ID that uniquely identifies a billing profile.
invoiceSectionName	path	True	string pattern: ^[a-zA-Z\d-_]{1,128}$	The ID that uniquely identifies an invoice section.
api-version	query	True	string	The version of the API to be used with the client request. The current version is 2024-04-01.

Request Body

Name	Type	Description
actions	string[]	List of actions passed in the request body against which the permissions will be checked.

Responses

Name	Type	Description
200 OK	CheckAccessResponse[]	The list of check access response objects for an invoice section.
Other Status Codes	ErrorResponse	Error response describing why the operation failed.

Examples

CheckAccessByInvoiceSection

Sample request

POST https://management.azure.com/providers/Microsoft.Billing/billingAccounts/10000000-0000-0000-0000-000000000000:00000000-0000-0000-0000-000000000000_2019-05-31/billingProfiles/xxxx-xxxx-xxx-xxx/invoiceSections/Q7GV-UUVA-PJA-TGB/checkAccess?api-version=2024-04-01

{
  "actions": [
    "Microsoft.Billing/billingAccounts/read",
    "Microsoft.Subscription/subscriptions/write"
  ]
}


import com.azure.resourcemanager.billing.models.CheckAccessRequest;
import java.util.Arrays;

/**
 * Samples for BillingPermissions CheckAccessByInvoiceSection.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/billing/resource-manager/Microsoft.Billing/stable/2024-04-01/examples/checkAccessByInvoiceSection.
     * json
     */
    /**
     * Sample code: CheckAccessByInvoiceSection.
     * 
     * @param manager Entry point to BillingManager.
     */
    public static void checkAccessByInvoiceSection(com.azure.resourcemanager.billing.BillingManager manager) {
        manager.billingPermissions().checkAccessByInvoiceSectionWithResponse(
            "10000000-0000-0000-0000-000000000000:00000000-0000-0000-0000-000000000000_2019-05-31", "xxxx-xxxx-xxx-xxx",
            "Q7GV-UUVA-PJA-TGB",
            new CheckAccessRequest().withActions(
                Arrays.asList("Microsoft.Billing/billingAccounts/read", "Microsoft.Subscription/subscriptions/write")),
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential

from azure.mgmt.billing import BillingManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-billing
# USAGE
    python check_access_by_invoice_section.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = BillingManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.billing_permissions.check_access_by_invoice_section(
        billing_account_name="10000000-0000-0000-0000-000000000000:00000000-0000-0000-0000-000000000000_2019-05-31",
        billing_profile_name="xxxx-xxxx-xxx-xxx",
        invoice_section_name="Q7GV-UUVA-PJA-TGB",
        parameters={
            "actions": ["Microsoft.Billing/billingAccounts/read", "Microsoft.Subscription/subscriptions/write"]
        },
    )
    print(response)


# x-ms-original-file: specification/billing/resource-manager/Microsoft.Billing/stable/2024-04-01/examples/checkAccessByInvoiceSection.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armbilling_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/billing/armbilling"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/c08ac9813477921ad8295b98ced8f82d11b8f913/specification/billing/resource-manager/Microsoft.Billing/stable/2024-04-01/examples/checkAccessByInvoiceSection.json
func ExamplePermissionsClient_CheckAccessByInvoiceSection() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armbilling.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewPermissionsClient().CheckAccessByInvoiceSection(ctx, "10000000-0000-0000-0000-000000000000:00000000-0000-0000-0000-000000000000_2019-05-31", "xxxx-xxxx-xxx-xxx", "Q7GV-UUVA-PJA-TGB", armbilling.CheckAccessRequest{
		Actions: []*string{
			to.Ptr("Microsoft.Billing/billingAccounts/read"),
			to.Ptr("Microsoft.Subscription/subscriptions/write")},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.CheckAccessResponseArray = []*armbilling.CheckAccessResponse{
	// 	{
	// 		AccessDecision: to.Ptr(armbilling.AccessDecisionAllowed),
	// 		Action: to.Ptr("Microsoft.Billing/billingAccounts/read"),
	// 	},
	// 	{
	// 		AccessDecision: to.Ptr(armbilling.AccessDecisionNotAllowed),
	// 		Action: to.Ptr("Microsoft.Subscription/subscriptions/write"),
	// }}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { BillingManagementClient } = require("@azure/arm-billing");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Provides a list of check access response objects for an invoice section.
 *
 * @summary Provides a list of check access response objects for an invoice section.
 * x-ms-original-file: specification/billing/resource-manager/Microsoft.Billing/stable/2024-04-01/examples/checkAccessByInvoiceSection.json
 */
async function checkAccessByInvoiceSection() {
  const billingAccountName =
    "10000000-0000-0000-0000-000000000000:00000000-0000-0000-0000-000000000000_2019-05-31";
  const billingProfileName = "xxxx-xxxx-xxx-xxx";
  const invoiceSectionName = "Q7GV-UUVA-PJA-TGB";
  const parameters = {
    actions: [
      "Microsoft.Billing/billingAccounts/read",
      "Microsoft.Subscription/subscriptions/write",
    ],
  };
  const credential = new DefaultAzureCredential();
  const client = new BillingManagementClient(credential);
  const result = await client.billingPermissions.checkAccessByInvoiceSection(
    billingAccountName,
    billingProfileName,
    invoiceSectionName,
    parameters,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Billing.Models;
using Azure.ResourceManager.Billing;

// Generated from example definition: specification/billing/resource-manager/Microsoft.Billing/stable/2024-04-01/examples/checkAccessByInvoiceSection.json
// this example is just showing the usage of "BillingPermissions_CheckAccessByInvoiceSection" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this BillingInvoiceSectionResource created on azure
// for more information of creating BillingInvoiceSectionResource, please refer to the document of BillingInvoiceSectionResource
string billingAccountName = "10000000-0000-0000-0000-000000000000:00000000-0000-0000-0000-000000000000_2019-05-31";
string billingProfileName = "xxxx-xxxx-xxx-xxx";
string invoiceSectionName = "Q7GV-UUVA-PJA-TGB";
ResourceIdentifier billingInvoiceSectionResourceId = BillingInvoiceSectionResource.CreateResourceIdentifier(billingAccountName, billingProfileName, invoiceSectionName);
BillingInvoiceSectionResource billingInvoiceSection = client.GetBillingInvoiceSectionResource(billingInvoiceSectionResourceId);

// invoke the operation and iterate over the result
BillingCheckAccessContent content = new BillingCheckAccessContent
{
    Actions = { "Microsoft.Billing/billingAccounts/read", "Microsoft.Subscription/subscriptions/write" },
};
await foreach (BillingCheckAccessResult item in billingInvoiceSection.CheckAccessBillingPermissionsAsync(content))
{
    Console.WriteLine($"Succeeded: {item}");
}

Console.WriteLine("Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 200

[
  {
    "accessDecision": "Allowed",
    "action": "Microsoft.Billing/billingAccounts/read"
  },
  {
    "accessDecision": "NotAllowed",
    "action": "Microsoft.Subscription/subscriptions/write"
  }
]

Definitions

Name	Description
AccessDecision	Access Decision, specifies access is allowed or not.
CheckAccessRequest	Request to check access.
CheckAccessResponse	The properties of a check access response.
ErrorAdditionalInfo	The resource management error additional info.
ErrorDetail	The error detail.
ErrorResponse	Error response

AccessDecision

Enumeration

Access Decision, specifies access is allowed or not.

Value	Description
Other
Allowed
NotAllowed

CheckAccessRequest

Object

Request to check access.

Name	Type	Description
actions	string[]	List of actions passed in the request body against which the permissions will be checked.

CheckAccessResponse

Object

The properties of a check access response.

Name	Type	Description
accessDecision	AccessDecision	Access Decision, specifies access is allowed or not.
action	string	Gets or sets an action.

ErrorAdditionalInfo

Object

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

ErrorDetail

Object

The error detail.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	ErrorDetail[]	The error details.
message	string	The error message.
target	string	The error target.

ErrorResponse

Object

Error response

Name	Type	Description
error	ErrorDetail	The error object.