Management Locks - Create Or Update At Resource Level

服務:

Resource Management

API 版本:

2016-09-01

在資源層級或資源下方的任何層級建立或更新管理鎖定。
當您在父範圍套用鎖定時，所有子系資源都會都繼承相同的鎖定。 若要建立管理鎖定，您必須能夠存取 Microsoft.Authorization/* 或 Microsoft.Authorization/locks/* 動作。 在內建角色中，只有「擁有者」和「使用者存取管理員」被授與這些動作的存取權。

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/locks/{lockName}?api-version=2016-09-01

URI 參數

名稱	位於	必要	類型	Description
lockName	path	True	string	鎖定的名稱。 鎖定名稱最多可以有 260 個字元。 它不能包含 <、 > %&、：、、?、/或任何控制字元。
parentResourcePath	path	True	string	父資源識別。
resourceGroupName	path	True	string	包含要鎖定之資源的資源組名。 Regex 模式: ^[-\w\._\(\)]+$
resourceName	path	True	string	要鎖定的資源名稱。
resourceProviderNamespace	path	True	string	要鎖定之資源的資源提供者命名空間。
resourceType	path	True	string	要鎖定之資源的資源類型。
subscriptionId	path	True	string	目標訂用帳戶的標識碼。
api-version	query	True	string	要用於作業的 API 版本。

要求本文

名稱	必要	類型	Description
properties.level	True	LockLevel	鎖定的層級。 可能的值為：NotSpecified、CanNotDelete、ReadOnly。 CanNotDelete 表示授權的用戶能夠讀取和修改資源，但無法刪除。 ReadOnly 表示授權的使用者只能從資源讀取，但無法修改或刪除它。
properties.notes		string	鎖定的相關注意事項。 最多 512 個字元。
properties.owners		ManagementLockOwner[]	鎖定的擁有者。

回應

名稱	類型	Description
200 OK	ManagementLockObject	確定 - 傳回鎖定的相關信息。
201 Created	ManagementLockObject	建立 - 傳回鎖定的相關信息。

安全性

azure_auth

Azure Active Directory OAuth2 Flow

類型: oauth2
Flow: implicit
授權 URL: https://login.microsoftonline.com/common/oauth2/authorize

範圍

名稱	Description
user_impersonation	模擬您的用戶帳戶

範例

Create management lock at resource level

範例要求

HTTP

PUT https://management.azure.com/subscriptions/subscriptionId/resourcegroups/resourcegroupname/providers/Microsoft.Storage/parentResourcePath/storageAccounts/teststorageaccount/providers/Microsoft.Authorization/locks/testlock?api-version=2016-09-01

{
  "properties": {
    "level": "ReadOnly"
  }
}

Java

import com.azure.core.util.Context;
import com.azure.resourcemanager.resources.fluent.models.ManagementLockObjectInner;
import com.azure.resourcemanager.resources.models.LockLevel;

/** Samples for ManagementLocks CreateOrUpdateAtResourceLevel. */
public final class Main {
    /*
     * x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2016-09-01/examples/ManagementLocks_CreateOrUpdateAtResourceLevel.json
     */
    /**
     * Sample code: Create management lock at resource level.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagementLockAtResourceLevel(com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .genericResources()
            .manager()
            .managementLockClient()
            .getManagementLocks()
            .createOrUpdateAtResourceLevelWithResponse(
                "resourcegroupname",
                "Microsoft.Storage",
                "parentResourcePath",
                "storageAccounts",
                "teststorageaccount",
                "testlock",
                new ManagementLockObjectInner().withLevel(LockLevel.READ_ONLY),
                Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential

from azure.mgmt.resource import ManagementLockClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-resource
# USAGE
    python management_locks_create_or_update_at_resource_level.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ManagementLockClient(
        credential=DefaultAzureCredential(),
        subscription_id="subscriptionId",
    )

    response = client.management_locks.create_or_update_at_resource_level(
        resource_group_name="resourcegroupname",
        resource_provider_namespace="Microsoft.Storage",
        parent_resource_path="parentResourcePath",
        resource_type="storageAccounts",
        resource_name="teststorageaccount",
        lock_name="testlock",
        parameters={"properties": {"level": "ReadOnly"}},
    )
    print(response)


# x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2016-09-01/examples/ManagementLocks_CreateOrUpdateAtResourceLevel.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ManagementLockClient } = require("@azure/arm-locks-profile-2020-09-01-hybrid");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to When you apply a lock at a parent scope, all child resources inherit the same lock. To create management locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions. Of the built-in roles, only Owner and User Access Administrator are granted those actions.
 *
 * @summary When you apply a lock at a parent scope, all child resources inherit the same lock. To create management locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions. Of the built-in roles, only Owner and User Access Administrator are granted those actions.
 * x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2016-09-01/examples/ManagementLocks_CreateOrUpdateAtResourceLevel.json
 */
async function createManagementLockAtResourceLevel() {
  const subscriptionId = process.env["LOCKS_SUBSCRIPTION_ID"] || "subscriptionId";
  const resourceGroupName = process.env["LOCKS_RESOURCE_GROUP"] || "resourcegroupname";
  const resourceProviderNamespace = "Microsoft.Storage";
  const parentResourcePath = "parentResourcePath";
  const resourceType = "storageAccounts";
  const resourceName = "teststorageaccount";
  const lockName = "testlock";
  const parameters = { level: "ReadOnly" };
  const credential = new DefaultAzureCredential();
  const client = new ManagementLockClient(credential, subscriptionId);
  const result = await client.managementLocks.createOrUpdateAtResourceLevel(
    resourceGroupName,
    resourceProviderNamespace,
    parentResourcePath,
    resourceType,
    resourceName,
    lockName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

範例回覆

狀態碼:

201

{
  "properties": {
    "level": "ReadOnly"
  },
  "id": "/providers/Microsoft.Authorization/locks/testlock",
  "type": "Microsoft.Authorization/locks",
  "name": "testlock"
}

狀態碼:

200

{
  "properties": {
    "level": "ReadOnly"
  },
  "id": "/providers/Microsoft.Authorization/locks/testlock",
  "type": "Microsoft.Authorization/locks",
  "name": "testlock"
}

定義

名稱	Description
LockLevel	鎖定的層級。 可能的值為：NotSpecified、CanNotDelete、ReadOnly。 CanNotDelete 表示授權的用戶能夠讀取和修改資源，但無法刪除。 ReadOnly 表示授權的使用者只能從資源讀取，但無法修改或刪除它。
ManagementLockObject	鎖定資訊。
ManagementLockOwner	鎖定擁有者屬性。

LockLevel

鎖定的層級。 可能的值為：NotSpecified、CanNotDelete、ReadOnly。 CanNotDelete 表示授權的用戶能夠讀取和修改資源，但無法刪除。 ReadOnly 表示授權的使用者只能從資源讀取，但無法修改或刪除它。

名稱	類型	Description
CanNotDelete	string
NotSpecified	string
ReadOnly	string

ManagementLockObject

鎖定資訊。

名稱	類型	Description
id	string	鎖定的資源標識碼。
name	string	鎖定的名稱。
properties.level	LockLevel	鎖定的層級。 可能的值為：NotSpecified、CanNotDelete、ReadOnly。 CanNotDelete 表示授權的用戶能夠讀取和修改資源，但無法刪除。 ReadOnly 表示授權的使用者只能從資源讀取，但無法修改或刪除它。
properties.notes	string	鎖定的相關注意事項。 最多 512 個字元。
properties.owners	ManagementLockOwner[]	鎖定的擁有者。
type	string	鎖定的資源類型 - Microsoft.Authorization/locks。

ManagementLockOwner

鎖定擁有者屬性。

名稱	類型	Description
applicationId	string	鎖定擁有者的應用程式識別碼。