I saw this in the documentation:
You can also have multiple wildcards in a string. For example, the following string represents all query permissions for Cost Management.
Microsoft.CostManagement/*/query/*
What does the first wildcard mean before the query?
It represents the resources under the Microsoft.CostManagement
resource provider, e.g. externalBillingAccounts
, externalSubscriptions
.
With the action permission Microsoft.CostManagement/*/query/*
, you will be able to query usage data under Microsoft.CostManagement
, you can understand you have the sum of permissions Microsoft.CostManagement/externalBillingAccounts/query/*
and Microsoft.CostManagement/externalSubscriptions/query/*
, etc.