How to use Azure Resouce Group Lock?

Nishant Potdar 76 Reputation points
2022-10-30T07:40:52.233+00:00

Hi There,
I've created a test Resouce Group and created two locks for the group (Read-only and Delete).
I want to know how to use these locks simultaneously.
255389-image.png

I would appreciate your help in clarifying the concept for me.

Thanks,
Nishant

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
666 questions
0 comments
Accepted answer
  1. Michael Durkan 12,151 Reputation points MVP
    2022-10-30T08:02:25.347+00:00

    Hi

    Because you've applied the locks directly to the RG, you've made the RG both Read-Only (so no resources can be deployed to the RG) and also you cannot delete the RG.

    Take a look at this MS Learn article, there you'll find more in-depth details about applying locks to both resource groups and the resources within them, and the effects of applying locks to resources:

    https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json

    From the article:

    • You can set locks that prevent either deletions or modifications. In the portal, these locks are called Delete and Read-only. In the command line, these locks are called CanNotDelete and ReadOnly.
    • CanNotDelete means authorized users can read and modify a resource, but they can't delete it.
      ReadOnly means authorized users can read a resource, but they can't delete or update it. Applying this lock is similar to restricting all authorized users to the permissions that the Reader role provides.

    Thanks

    Michael Durkan

    • If the reply was helpful please upvote and/or accept as answer as this helps others in the community with similar questions. Thanks!

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest