Blob Containers - Create Or Update Immutability Policy
Creates or updates an unlocked immutability policy. ETag in If-Match is honored if given but not required for this operation.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}/blobServices/default/containers/{containerName}/immutabilityPolicies/default?api-version=2023-05-01
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
account
|
path | True |
string |
The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only. Regex pattern: |
container
|
path | True |
string |
The name of the blob container within the specified storage account. Blob container names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number. |
immutability
|
path | True |
The name of the blob container immutabilityPolicy within the specified storage account. ImmutabilityPolicy Name must be 'default' |
|
resource
|
path | True |
string |
The name of the resource group within the user's subscription. The name is case insensitive. Regex pattern: |
subscription
|
path | True |
string |
The ID of the target subscription. |
api-version
|
query | True |
string |
The API version to use for this operation. |
Request Header
Name | Required | Type | Description |
---|---|---|---|
If-Match |
string |
The entity state (ETag) version of the immutability policy to update must be returned to the server for all update operations. The ETag value must include the leading and trailing double quotes as returned by the service. |
Request Body
Name | Type | Description |
---|---|---|
properties.allowProtectedAppendWrites |
boolean |
This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. |
properties.allowProtectedAppendWritesAll |
boolean |
This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both 'Append and Bock Blobs' while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The 'allowProtectedAppendWrites' and 'allowProtectedAppendWritesAll' properties are mutually exclusive. |
properties.immutabilityPeriodSinceCreationInDays |
integer |
The immutability period for the blobs in the container since the policy creation, in days. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
OK -- Creates or updates container ImmutabilityPolicy operation completed successfully. Headers ETag: string |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
Create |
Create |
CreateOrUpdateImmutabilityPolicy
Sample request
PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res1782/providers/Microsoft.Storage/storageAccounts/sto7069/blobServices/default/containers/container6397/immutabilityPolicies/default?api-version=2023-05-01
{
"properties": {
"immutabilityPeriodSinceCreationInDays": 3,
"allowProtectedAppendWrites": true
}
}
Sample response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res1782/providers/Microsoft.Storage/storageAccounts/sto7069/blobServices/default/containers/container6397/immutabilityPolicies/default",
"name": "default",
"type": "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies",
"etag": "\"8d59f830cb130e5\"",
"properties": {
"immutabilityPeriodSinceCreationInDays": 3,
"allowProtectedAppendWrites": true,
"state": "Unlocked"
}
}
CreateOrUpdateImmutabilityPolicyWithAllowProtectedAppendWritesAll
Sample request
PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res1782/providers/Microsoft.Storage/storageAccounts/sto7069/blobServices/default/containers/container6397/immutabilityPolicies/default?api-version=2023-05-01
{
"properties": {
"immutabilityPeriodSinceCreationInDays": 3,
"allowProtectedAppendWritesAll": true
}
}
Sample response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res1782/providers/Microsoft.Storage/storageAccounts/sto7069/blobServices/default/containers/container6397/immutabilityPolicies/default",
"name": "default",
"type": "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies",
"etag": "\"8d59f830cb130e5\"",
"properties": {
"immutabilityPeriodSinceCreationInDays": 3,
"allowProtectedAppendWritesAll": true,
"state": "Unlocked"
}
}
Definitions
Name | Description |
---|---|
Immutability |
The ImmutabilityPolicy property of a blob container, including Id, resource name, resource type, Etag. |
Immutability |
The name of the blob container immutabilityPolicy within the specified storage account. ImmutabilityPolicy Name must be 'default' |
Immutability |
The ImmutabilityPolicy state of a blob container, possible values include: Locked and Unlocked. |
ImmutabilityPolicy
The ImmutabilityPolicy property of a blob container, including Id, resource name, resource type, Etag.
Name | Type | Description |
---|---|---|
etag |
string |
Resource Etag. |
id |
string |
Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} |
name |
string |
The name of the resource |
properties.allowProtectedAppendWrites |
boolean |
This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. |
properties.allowProtectedAppendWritesAll |
boolean |
This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both 'Append and Bock Blobs' while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The 'allowProtectedAppendWrites' and 'allowProtectedAppendWritesAll' properties are mutually exclusive. |
properties.immutabilityPeriodSinceCreationInDays |
integer |
The immutability period for the blobs in the container since the policy creation, in days. |
properties.state |
The ImmutabilityPolicy state of a blob container, possible values include: Locked and Unlocked. |
|
type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
ImmutabilityPolicyName
The name of the blob container immutabilityPolicy within the specified storage account. ImmutabilityPolicy Name must be 'default'
Name | Type | Description |
---|---|---|
default |
string |
ImmutabilityPolicyState
The ImmutabilityPolicy state of a blob container, possible values include: Locked and Unlocked.
Name | Type | Description |
---|---|---|
Locked |
string |
|
Unlocked |
string |