Reputation: 63
What are Azure Resource locks?
So to my understanding the delete lock doesn’t allow you to delete any resource correct? And the read only lock is basically allowing the user view only access. So is the read only lock the same thing as if I assigned the user reader permissions on the resource also?
Upvotes: 0
Views: 543
Answers (2)
Reputation: 136366
Adding more to the answer provided by NillsF.
Basically locks prevent accidental updates and deletes. When a user is in Reader role, whether a resource is locked or not, that user can't update or delete a resource.
However locks become important when the RBAC role allows a user to make an update or delete (e.g. a user in Contributor role).
If a resource is not locked, then that user can make updates and deletes if allowed by the role.
However if a resource is locked, then the user can't perform update/delete operation on a resource (in case a read-only lock is applied to the resource) or delete a resource (in case a delete lock is applied to the resource) even though their role certainly allow these operations.
Upvotes: 0
Reputation: 138
Your understanding is pretty much correct. There is however a slight difference between giving a user reader permissions vs applying a read-only lock. A reader user cannot force his way to make changes / delete resources. An owner can still (potentially temporarily) remove a lock, apply the changes an reapply the lock.
Upvotes: 2
Related Questions
- Resource Group Lock using ARM Template
- Azure resource deletion locks preventing deletion of role assignment on the resource
- Can an owner remove a read-only or non-delete lock in Azure?
- How to apply Azure resource locks to Resource Groups via Policy
- What does LockDuration means in Azure Service Bus
- What exactly is an Azure Resource Provider?
- What is a lock in Azure Container Registry
- How can I assure that newly created prod azure resources are locked by policy?
- How to ignore locked resources with 'Complete' mode deployment to Azure?
- Azure Resource Manager