How to use Azure Resouce Group Lock?

Nishant Potdar 81 Reputation points

Hi There,
I've created a test Resouce Group and created two locks for the group (Read-only and Delete).
I want to know how to use these locks simultaneously.

I would appreciate your help in clarifying the concept for me.


Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
724 questions
0 comments No comments
{count} votes

Accepted answer
  1. Michael Durkan 12,196 Reputation points MVP


    Because you've applied the locks directly to the RG, you've made the RG both Read-Only (so no resources can be deployed to the RG) and also you cannot delete the RG.

    Take a look at this MS Learn article, there you'll find more in-depth details about applying locks to both resource groups and the resources within them, and the effects of applying locks to resources:

    From the article:

    • You can set locks that prevent either deletions or modifications. In the portal, these locks are called Delete and Read-only. In the command line, these locks are called CanNotDelete and ReadOnly.
    • CanNotDelete means authorized users can read and modify a resource, but they can't delete it.
      ReadOnly means authorized users can read a resource, but they can't delete or update it. Applying this lock is similar to restricting all authorized users to the permissions that the Reader role provides.


    Michael Durkan

    • If the reply was helpful please upvote and/or accept as answer as this helps others in the community with similar questions. Thanks!

0 additional answers

Sort by: Most helpful