Use of Azure Resource Manager locks


In this tutorial, we will learn the use of Azure Resource Manager locks.

Resource locks prevent resources from being accidentally deleted or changed. Even with role-based access control policies in place, there's still a risk that people with the correct level of access could delete a critical resource. Locks can be applied to a subscription, a resource group, or a resource.

For example, there may be times when an administrator needs to lock a subscription, a resource group, or a resource. In these situations, a lock is applied to prevent users from accidentally deleting or modifying a critical resource.

A lock level can be set to CanNotDelete or ReadOnly. In the portal, the locks are Delete and Read-only respectively.
  • CanNotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.
  • ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.

A resource can have more than one lock. For example, a resource may have a ReadOnly lock and a CanNotDelete lock. When you apply a lock at a parent scope, all resources within that scope inherit that lock. Even resources you add later inherit the lock from the parent. The most restrictive lock in the inheritance takes precedence.

Resource Manager locks apply only to operations that happen in the management plane. The locks don't restrict how resources perform their own functions. When a lock is applied, changes to the resource itself are restricted, but operations within the resource are not. For example, a ReadOnly lock on an Azure SQL Database logical server prevents deletion or modification of the server. However, it doesn't prevent you from creating, updating, or deleting data in the databases on that server.
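
The inheritance and management-plane rules above can be checked with a small model. This is an added example, not code from the tutorial or from Azure; the subscription ID, resource group and resource names are constructed, and the three operation names (`read`, `write`, `delete`) are a simplification assumed for illustration.

```python
# Added example: a simplified model of lock inheritance, not Azure's implementation.
# Subscription ID, resource group and resource names below are constructed.
RANK = {None: 0, "CanNotDelete": 1, "ReadOnly": 2}  # higher = more restrictive

def effective_lock(resource_id, locks):
    """Return the most restrictive lock level that applies to resource_id.

    locks is a list of (scope, level) pairs. A lock applies when its scope is
    the resource itself or any parent scope (subscription, resource group,
    parent resource). Resource IDs are compared case-insensitively.
    """
    rid = resource_id.lower().rstrip("/")
    best = None
    for scope, level in locks:
        s = scope.lower().rstrip("/")
        # Match on a whole path segment so "prod-rg" does not cover "prod-rg2".
        if (rid == s or rid.startswith(s + "/")) and RANK[level] > RANK[best]:
            best = level
    return best

def is_allowed(resource_id, operation, locks, plane="management"):
    """operation is 'read', 'write' or 'delete' (hypothetical labels)."""
    if plane == "data":
        return True  # locks only cover the management plane
    level = effective_lock(resource_id, locks)
    if level == "ReadOnly":
        return operation == "read"
    if level == "CanNotDelete":
        return operation != "delete"
    return True

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/prod-rg"
SQL_SERVER = RG + "/providers/Microsoft.Sql/servers/sql1"
SQL_DB = SQL_SERVER + "/databases/orders"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/web1"
OTHER_VM = SUB + "/resourceGroups/prod-rg2/providers/Microsoft.Compute/virtualMachines/test1"

# Constructed lock set: CanNotDelete on the resource group, ReadOnly on the SQL server.
LOCKS = [(RG, "CanNotDelete"), (SQL_SERVER, "ReadOnly")]

if __name__ == "__main__":
    for rid in (SQL_DB, VM, OTHER_VM):
        print(rid.rsplit("/", 1)[-1], effective_lock(rid, LOCKS),
              {op: is_allowed(rid, op, LOCKS) for op in ("read", "write", "delete")})
```

The database inherits both locks and ends up ReadOnly, the VM in the same resource group is only CanNotDelete, and the VM in `prod-rg2` is unlocked even though its resource group name shares a prefix with the locked one.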


Reference: Microsoft Documentation
