If the customer going to manage the payments, in this case the recommended way is,
- Creating a new GCP account for the customer, if the customer don't have an account.
- Create a Google payments profile, if the customer don't have any.
- Create a new billing account and choose the respective payment profile or you get a provision to create a payment profile while creating the billing account, which by
default comes with
Billing Account Administrator role.
- Finally, link the project to the billing account.
As the billing administrator(customer), he can add other members to the billing resource with roles such as Billing Account User, Billing account viewer, etc .. depends on the requirement.
For example, the member who got assigned as Billing Account User, can link the projects to the billing account managed by the customer, but won't able to update the billing account.
By doing above, the billing part will be restricted from others.
Additional Info:
- Even the customer owns the billing account, it doesn't mean he can access all the projects linked to his billing account. He can access only the projects that he created and got the respective project access.
- In other end, the user won't be able to update the billing account of the customer and also the user won't be able to see other projects attached to the customer billing account, apart from the projects he manages.
