Workspace Admins and Researchers can see cost information on the tiles of their workspace, but they may want to view historical information and drill into it. The easy way to do this is by granting them restricted access to the Azure portal, showing them billing information for their workspace(s) and nothing else.
There's a recipe for this, from Steven:
Setting up the permissions - as Global Admin (or close to it) and with the workspace created (knowing the resource group name) and having all the uses who need to be given read billing access identified. I have not explored if this role could (or should) be added to the workspace owner role in the TRE...
Go to the home page in Azure Portal
Select BH-LS-TRE Subscription
Select Resource Groups in left hand menu
Select the workspace resource group you want to enable access to (e.g., rg-sde002-ws-4304)
Select Access control (IAM) in left hand column and 'Add Role Assignment'
Search for 'Cost Management Reader' in the list of roles and select 'Next' at bottom of page.
Click on 'Select Members' and then select users from the list until your selection is complete.
Click on 'Select' at the bottom of the popup to complete user selection
Review details and then complete action with 'Review + assign'
Setting up the views:
With global access: BH-LS-PMP TRE -> Cost Analysis.
Select Resource Group, and pick the name that this report is for.
Click the Share button to get a URL for this view which can be shared with the workspace team. This could be generated and be placed in the management page in the Project Management role.
Click the subscribe button and put in emails addresses to get a daily (or otherwise) email as to costs.
For this ticket, focus on granting the permissions. We'll deal with setting up views in another ticket.
Workspace Admins and Researchers can see cost information on the tiles of their workspace, but they may want to view historical information and drill into it. The easy way to do this is by granting them restricted access to the Azure portal, showing them billing information for their workspace(s) and nothing else.
There's a recipe for this, from Steven:
Setting up the permissions - as Global Admin (or close to it) and with the workspace created (knowing the resource group name) and having all the uses who need to be given read billing access identified. I have not explored if this role could (or should) be added to the workspace owner role in the TRE...
Setting up the views:
For this ticket, focus on granting the permissions. We'll deal with setting up views in another ticket.