Multiple wildcards in Azure RBAC

I saw this in the documentation:

You can also have multiple wildcards in a string. For example, the following string represents all query permissions for Cost Management.

Microsoft.CostManagement/*/query/*

What does the first wildcard mean before the query?

Solution

It represents the resources under the Microsoft.CostManagement resource provider, e.g. externalBillingAccounts, externalSubscriptions.

With the action permission Microsoft.CostManagement/*/query/*, you will be able to query usage data under Microsoft.CostManagement, you can understand you have the sum of permissions Microsoft.CostManagement/externalBillingAccounts/query/* and Microsoft.CostManagement/externalSubscriptions/query/*, etc.

Reference - https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftcostmanagement

Deploy filtered metrics on Azure dashboard with Bicep
IAsyncEnumerable JSON streaming is not streaming on azure web app running on IIS
node-fetch azure document translator
Need help getting Azure AD B2C SSO with Azure AD
Unable to get all users from Microsoft Graph using Python SDK
You need to ensure that WebApp1 uses the ASP.NET v4.7 runtime stack
MS Graph API - How to query additional pages
how to hash users into random values in azure databricks
How can I manage Azure SQL user/login/credentials
How to connect secrets value stored in Azure key vault to Azure app service env variables directly
AVD Insights Host Performance Blade Empty after vhange to new Azure Monitoring Agent
How to get a list of users from azure graph API
Azure App Service Flask Deployment Error: "Failed to Respond to HTTP Pings on Port 8000; Site Start Failed. Check Container Logs for Debugging."
Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
Az-GetRoleAssigments Not returning Data for DisplayName, SignInName & Object Type - Azure Powershell Runbook
Can you publish a new standalone Angular project (esproj) directly from VS2022 to Azure?
Cors configuration
Publish error: Found multiple publish output files with the same relative path
remove event subscriptions from system topics
Is it possible to use .env in a React Web project?
Sign in to Azure Account from VS Code
How to copy blobs from azure to aws using python?
AKV10032: Invalid issuer error when connecting to Azure Key Vault from App Service
how to mask hash users into random values [email protected] in azure databricks
Can we use PostgREST API with Azure
Bicep adding DNS Records saying already exists when it doesn't
Issue in sending personal message in MS Teams with Graph API
import files to databricks workspace
Create an Api connection to log analytics workspace via bicep
az funcapp publish .net8 Isolated breaking Azure configuration runtime settings on Sync