You may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.
1) CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource.
2) ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
To create or delete locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions. Of the built-in roles, only Owner and User Access Administrator are granted those actions.
#To lock a resource, provide the name of the resource, its resource type, and its resource group name.
New-AzResourceLock -LockLevel CanNotDelete `
  -LockName LockSite `
  -ResourceName examplesite `
  -ResourceType Microsoft.Web/sites `
  -ResourceGroupName exampleresourcegroup
#Or, to apply the lock without a confirmation prompt, add -Force. This is useful in Azure Automation scripts.
New-AzResourceLock -LockName $LockName `
  -LockLevel CanNotDelete `
  -LockNotes "$LockNotes" `
  -ResourceName $serverName `
  -ResourceGroupName $resourceGroupName `
  -ResourceType $ResourceType `
  -Force
#The same in Azure CLI
az lock create --name LockSite --lock-type CanNotDelete \
  --resource-group exampleresourcegroup --resource-name examplesite \
  --resource-type Microsoft.Web/sites
#To lock a resource group, provide the name of the resource group.
#NOTE: A read-only lock on a resource group that contains a virtual machine prevents all users from starting or restarting the virtual machine. With a read-only lock you may experience unexpected results, so think twice before applying one.
New-AzResourceLock -LockName LockGroup `
  -LockLevel CanNotDelete `
  -ResourceGroupName exampleresourcegroup
#In Azure CLI
az lock create --name LockGroup --lock-type CanNotDelete \
  --resource-group exampleresourcegroup
#To get all locks for a resource, use:
Get-AzResourceLock -ResourceName examplesite `
  -ResourceType Microsoft.Web/sites `
  -ResourceGroupName exampleresourcegroup
#In Azure CLI
az lock list --resource-group exampleresourcegroup --resource-name examplesite \
  --namespace Microsoft.Web \
  --resource-type sites \
  --parent ""
#To delete a lock
$lockId = (Get-AzResourceLock -ResourceGroupName exampleresourcegroup `
  -ResourceName examplesite `
  -ResourceType Microsoft.Web/sites).LockId
Remove-AzResourceLock -LockId $lockId
#In Azure CLI
lockid=$(az lock show --name LockSite --resource-group exampleresourcegroup \
  --resource-type Microsoft.Web/sites --resource-name examplesite \
  --output tsv --query id)
az lock delete --ids $lockid
#To forcibly remove the lock from the resource (no confirmation prompt)
Get-AzResourceLock -LockName $LockName `
  -ResourceGroupName $ResourceGroupName `
  -ResourceName $serverName `
  -ResourceType $ResourceType |
  Remove-AzResourceLock -Force
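To check where locks are missing or risky, the following added example (not part of the original post) reports, for each resource group in the current subscription, which locks apply to it, and flags groups with no lock and groups where a ReadOnly lock covers virtual machines, the case the note above warns about. It assumes the Az module is installed and Connect-AzAccount has already been run; the function name Get-ResourceGroupLockReport and the Finding labels are made up for this example.

```powershell
# Added example: audit lock coverage for every resource group in the current subscription.
# Assumes the Az module is loaded and Connect-AzAccount has been run.
# Get-ResourceGroupLockReport and the Finding values are names chosen for this example.
function Get-ResourceGroupLockReport {
    [CmdletBinding()]
    param()

    foreach ($rg in Get-AzResourceGroup) {
        $name = $rg.ResourceGroupName

        # -AtScope limits the result to locks at or above the group scope:
        # the group's own locks plus locks inherited from the subscription.
        # Locks set on individual resources inside the group are excluded.
        $locks  = @(Get-AzResourceLock -ResourceGroupName $name -AtScope)
        $levels = @($locks | ForEach-Object { $_.Properties.level } | Sort-Object -Unique)

        # Only count VMs when a ReadOnly lock is in effect, because that is
        # the combination that blocks start and restart operations.
        $vmCount = 0
        if ($levels -contains 'ReadOnly') {
            $vmCount = @(Get-AzResource -ResourceGroupName $name `
                -ResourceType 'Microsoft.Compute/virtualMachines').Count
        }

        if ($locks.Count -eq 0) { $finding = 'NoLock' }
        elseif ($vmCount -gt 0) { $finding = 'ReadOnlyWithVMs' }
        else                    { $finding = 'OK' }

        [pscustomobject]@{
            ResourceGroup = $name
            LockNames     = $locks.Name -join ', '
            LockLevels    = $levels -join ', '
            VmCount       = $vmCount
            Finding       = $finding
        }
    }
}

Get-ResourceGroupLockReport |
    Sort-Object Finding, ResourceGroup |
    Format-Table -AutoSize
```

The report only reads locks and resources, so the Reader role is enough to run it; creating or removing locks still requires the Microsoft.Authorization actions described above.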