![]() When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role. ReadOnly means authorized users can read a resource, but they can't delete or update the resource.CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource.In the portal, the locks are called Delete and Read-only, respectively: You can set the lock level to CanNotDelete or ReadOnly. Lock in use cases where only specific roles and users with permissions can delete, or modify resources.Īs an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. ![]() Use management locks to prevent deletion or modification of a resource, resource group, or subscription. Unlike Azure role-based access control, management locks are used to apply a restriction across all users and roles.Ĭritical infrastructure typically doesn't change often. Treat security teams as critical accounts and apply the same protections as administrators.Īzure RBAC documentation Management locksĪre there resource locks applied on critical parts of the infrastructure?
0 Comments
Leave a Reply. |