Creating an application registration to access Azure REST API under enterprise agreement
Question
Sorry if this is off-topic but I haven't been able to find any information on it anywhere else. I'm trying to create an application registration that will allow a batch process to access the Azure REST API on my behalf.
Normally, this is pretty simple: just create the user, give it API permissions to what you need, add a secret and then insert the tenant ID, application ID and secret into a request against the /token endpoint, as described here .
I have done that and gotten the access token but, when I try to get all the billing accounts associated with the enterprise agreement, by calling https://management.azure.com/providers/Microsoft.Billing/billingAccounts?api-version=2020-05-01 I get no information back. Also, when I try to access a particular billing account back, by calling https://management.azure.com/providers/Microsoft.Billing/billingAccounts/{account_id}?api-version=2020-05-01 , I get the following error and a 403 response code:
{
"error": {
"code": "Forbidden",
"message": "User is not authorized to access billing account '{account_id}'."
}
}
So, essentially the application user was created from an enterprise agreement account but can't access enterprise agreement resources from the API. What's going on here?
1 answers
solution1
0 2022-02-07 08:54:09
The application registration should have any of the below roles to access the billing accounts information:
- Service Administrator
- Co-administrator
- Owner
- Contributor
- Reader
- Billing reader
You can assign any of the above roles from the Access Control (IAM) to the application registration
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.