# Required Permissions

The following RBAC roles are granted to the Archera.ai Enterprise Application:

## Read Access

* **Storage Reader** - To read cost and usage reports that Azure exports to Blob storage
* **Billing Reader** - To read cost and usage reports generated by Azure displaying monthly usage across all services
* **Reservation Reader** - To read all existing reserved instances that exist in your Azure account
* **Savings Plan Reader** - To read all existing savings plans that exist in your Azure account

## One-Time Write Access

We utilize the compressed cost export feature inside Azure that adheres to the FinOps Cost Usage and Specification (FOCUS) dataset standards. This feature requires a blob storage account, so we utilize a one-time write action to configure the cost export.

For more details, see: [Microsoft Cost Management updates — announcing the new FOCUS report](https://azure.microsoft.com/en-us/blog/announcing-the-new-finops-cost-usage-specification-report-now-in-public-preview-in-azure-cost-management/)

## Related Resources

* [Azure Onboarding - Prerequisite Checklist](https://docs.archera.ai/help-center/azure-onboarding/prerequisite-checklist)
* [What information does Archera require to connect to my Azure account?](https://docs.archera.ai/help-center/azure-onboarding/required-information)
* [How Does Archera Access My Azure Environment](https://docs.archera.ai/help-center/security/azure-access)
* [Azure Offboarding](https://docs.archera.ai/help-center/azure-onboarding/offboarding)