Hi
Because you've applied the locks directly to the RG, you've made the RG both Read-Only (so no resources can be deployed to the RG) and also you cannot delete the RG.
Take a look at this MS Learn article, there you'll find more in-depth details about applying locks to both resource groups and the resources within them, and the effects of applying locks to resources:
https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json
From the article:
- You can set locks that prevent either deletions or modifications. In the portal, these locks are called Delete and Read-only. In the command line, these locks are called CanNotDelete and ReadOnly.
- CanNotDelete means authorized users can read and modify a resource, but they can't delete it.
ReadOnly means authorized users can read a resource, but they can't delete or update it. Applying this lock is similar to restricting all authorized users to the permissions that the Reader role provides.
Thanks
Michael Durkan
- If the reply was helpful please upvote and/or accept as answer as this helps others in the community with similar questions. Thanks!