Set up multi-project cost view access to Cloud Billing accounts

In Cloud Billing accounts, multi-project access to usage costs lets solution owners see the cost data for all their projects in a single view in the Cloud Billing console. The multi-project view uses a combination of Cloud Billing account permissions and project permissions that let Cloud Billing administrators and organization administrators jointly control access to project-level cost data.

Using project-scoped Cloud Billing account permissions, Cloud Billing administrators can control which solution owners can view aggregated cost data in the Cloud Billing console.

Get started

Read this document to learn about the permissions required to get multi-project cost view access.
Give project-scoped billing account permissions to solution owners.

Permissions required to get multi-project cost view access

To get multi-project access to costs views in the Cloud Billing console, which enables project owners, solution owners, developers, and other non-billing admins to view aggregated costs for their authorized projects, you need the following permissions:

Google Cloud project permissions: To view the costs accrued in a project, you need billing-specific project-side permissions granted on each of your authorized Google Cloud projects. Project permissions are typically managed by project owners.
Cloud Billing account permissions: You need project-scoped billing account permissions on the Cloud Billing accountthat is linked to your authorized projects . Cloud Billing permissions are typically managed by a Billing Account Administrator .

Project permissions

Project permissions are granted with roles on the Google Cloud project or folder. You can grant project permissions using a custom role, or with a predefined role . To view costs for a project, and access other billing tools for the project such as budgets and cost anomalies, you need a role on each project that includes the following permissions:

Permissions

Purpose

Predefined roles

resourcemanager.projects.get

To browse or retrieve details about a project, including the name and ID of the Cloud Billing account that is linked to the project.

billing.resourceCosts.get

To view costs for a project in Cloud Billing reports.

billing.resourcebudgets.read
billing.resourcebudgets.write

To view and manage budgets for a project in the Cloud Billing console.

billing.anomalies.get
billing.anomalies.list

To view cost anomalies for a project in the Cloud Billing console.

Cloud Billing account permissions

Cloud Billing account permissions are granted with roles on the Cloud Billing account. To view the aggregated costs for all of your authorized Google Cloud projects that are linked to a Cloud Billing account, you need a role on the billing account that includes the following permissions :

Permissions

Purpose

Predefined role (recommended)

billing.accounts.get

View the basic properties and metadata of a Cloud Billing account.

Project Billing Costs Manager

roles/billing.projectCostsManager

billing.accounts.getIamPolicy

Lets users view the IAM assignments to a billing account, such as principals who are Billing Account Administrators and Billing Account Viewers.

billing.accounts.getSpendingInformationScoped

View costs and usage for a billing account, scoped to the projects that the current authenticated user has permission to view.

billing.costRecommendations.listScoped

Access the FinOps hub in the Cloud Billing console to view cost recommendations scoped to the projects that the current authenticated user has permission to view.

You can grant the billing account permissions using a custom role, or with the project-scoped predefined billing account role :

Name: billing.projectCostsManager
Title: Project Billing Costs Manager

For more information about Google Cloud project permissions, see:

For more information about Cloud Billing account permissions, see:

Grant permissions

Project administratorscan grant the project permissions . Many solution owners in your organization might already have the required billing-specific project permissions, because they are the same as those needed to access the single-project view in the Cloud Billing console.

Billing Account Administratorscan grant the required billing account permissions .

After your users are granted both the project-side and the billing account permissions, they can access cost data in the relevant billing account for their projects.

Project-scoped Cloud Billing account permissions

To provide the required Cloud Billing account permissions for multi-project access to the Cloud Billing console, we recommend you use the predefined billing role Project Billing Costs Manager .

To grant multi-project billing account permissions to solution owners, in the Google Cloud console, follow this process:

Ensure that you have the permissions required to manage user access on a billing account .
In the Google Cloud console, go to the Account managementpage for the Cloud Billing account:

Go to Account Management in Cloud Billing
At the prompt, choose the Cloud Billing accountthat you want to manage.

The Account managementpage for that account opens.

You can also open this page by clicking the Account managementmenu item in the billing account navigation menu.
In the Infopanel, review and edit the Principalsand Permissionsfor the selected Cloud Billing account. If the panel isn't already visible, click Show info panelto open it.
To add new principals and assign permissions, click Add principal.
In the New principalsfield, enter the principals you want to add. You can add individual users' email addresses, groups, domains, or service accounts as principals.
In the Assign rolessection, from the Select a roledrop-down list, select Project Billing Costs Manager.
Click Save.

What's next

Learn more about the Cloud Billing tools that are available to Google Cloud project owners .