Azure Fundamentals (AZ-900)

Last Updated: 1/25/2023

Resource Locks

  • A resource lock prevents resources from being accidentally deleted or changed.
  • Resource locks can be applied to individual resources, resource groups, or even an entire subscription.
  • Resource locks are inherited, meaning that if you place a resource lock on a resource group, all of the resources within the resource group will also have the resource lock applied.
  • You can manage resource locks from the Azure portal, PowerShell, the Azure CLI, or from an Azure Resource Manager template.
  • To view, add, or delete locks in the Azure portal, go to the Settings section of any resource's in the Azure portal.
  • To modify a locked resource, you must first remove the lock. After you remove the lock, you can apply any action you have permissions to perform.
  • Resource locks apply regardless of RBAC permissions. Even if you're an owner of the resource, you must still remove the lock before you can perform the blocked activity.

Types of Resource Locks

  • Delete Lock: means authorized users can still read and modify a resource, but they can't delete the resource.
  • ReadOnly: means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
Previous
Next