DenySettings interface
Defines how resources deployed by the Deployment stack are locked.
Properties
| apply |
DenySettings will be applied to child resource scopes of every managed resource with a deny assignment. |
| excluded |
List of role-based management operations that are excluded from the denySettings. Up to 200 actions are permitted. If the denySetting mode is set to 'denyWriteAndDelete', then the following actions are automatically appended to 'excludedActions': '*/read' and 'Microsoft.Authorization/locks/delete'. If the denySetting mode is set to 'denyDelete', then the following actions are automatically appended to 'excludedActions': 'Microsoft.Authorization/locks/delete'. Duplicate actions will be removed. |
| excluded |
List of AAD principal IDs excluded from the lock. Up to 5 principals are permitted. |
| mode | denySettings Mode that defines denied actions. |
Property Details
applyToChildScopes
DenySettings will be applied to child resource scopes of every managed resource with a deny assignment.
applyToChildScopes?: booleanProperty Value
boolean
excludedActions
List of role-based management operations that are excluded from the denySettings. Up to 200 actions are permitted. If the denySetting mode is set to 'denyWriteAndDelete', then the following actions are automatically appended to 'excludedActions': '*/read' and 'Microsoft.Authorization/locks/delete'. If the denySetting mode is set to 'denyDelete', then the following actions are automatically appended to 'excludedActions': 'Microsoft.Authorization/locks/delete'. Duplicate actions will be removed.
excludedActions?: string[]Property Value
string[]
excludedPrincipals
List of AAD principal IDs excluded from the lock. Up to 5 principals are permitted.
excludedPrincipals?: string[]Property Value
string[]
mode
denySettings Mode that defines denied actions.
mode: stringProperty Value
string