Microsoft Azure offers a feature known as ‘Locks’. It helps prevent accidental deletion of, and unexpected changes to, Azure resources. By default, Owner and User administrators have access to apply Locks.
There are two types of Locks: CanNotDelete and ReadOnly.
CanNotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.
ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
You can apply locks at the following levels in Azure:
- Resource Group
How to apply Locks?
Go to the Azure Portal and select the resource. In my case I am applying it at the resource level (SQL database).
Under settings, click on ‘Locks’ to open the blade, enter the lock details and click on ‘Add’.
Once the lock is created, go to the resource and click on delete. Azure will give you an error message saying the delete operation cannot be performed because the resource is locked.
Now we know what locks are and what they do. We can apply them on all kinds of resources, especially resources which cannot be recovered once deleted. For example, if ‘soft delete’ is not ON, a storage account cannot be recovered once it is deleted. Another scenario: if you have multiple co-admins and contributors in your organisation and you want to make sure no resource is deleted accidentally, you can lock those resources. In a nutshell, locks can be used in a lot of ways and can make our life easy.
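To find the hard-to-recover resources that still have no lock, here is an added example (not code from the original post): a Python check over a resource inventory and a lock list shaped like the JSON from `az resource list` and `az lock list`, using constructed sample IDs. It goes beyond the text by assuming that a lock set on a resource group also covers the resources inside it.

```python
# Added example: offline audit of Azure lock coverage. All IDs are constructed.
LOCK_MARKER = "/providers/microsoft.authorization/locks/"
DELETE_BLOCKING = {"CanNotDelete", "ReadOnly"}  # both lock types stop deletion

def lock_scope(lock_id):
    """Scope a lock applies to: its ID with the trailing lock segment removed."""
    lowered = lock_id.lower()  # Azure resource IDs are case-insensitive
    return lowered[: lowered.rindex(LOCK_MARKER)]

def effective_locks(resource_id, locks):
    """Locks set on the resource itself or on a parent scope (assumed inherited)."""
    rid = resource_id.lower()
    hits = []
    for lock in locks:
        scope = lock_scope(lock["id"])
        # The "/" guard stops a lock on rg-data from matching rg-data2.
        if rid == scope or rid.startswith(scope + "/"):
            hits.append(lock)
    return hits

def unprotected(resources, locks, critical_types):
    """IDs of critical resources with no delete-blocking lock in effect."""
    missing = []
    for res in resources:
        if res["type"].lower() not in critical_types:
            continue
        levels = {lock["level"] for lock in effective_locks(res["id"], locks)}
        if not levels & DELETE_BLOCKING:
            missing.append(res["id"])
    return missing

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder
STORAGE = "Microsoft.Storage/storageAccounts"
SQLDB = "Microsoft.Sql/servers/databases"
SQL1 = f"{SUB}/resourceGroups/rg-app/providers/Microsoft.Sql/servers/sql1"
AUTHZ = "providers/Microsoft.Authorization/locks"
RESOURCES = [  # constructed inventory
    {"id": f"{SUB}/resourceGroups/rg-data/providers/{STORAGE}/stbackups", "type": STORAGE},
    {"id": f"{SUB}/resourceGroups/rg-data2/providers/{STORAGE}/stlogs", "type": STORAGE},
    {"id": f"{SQL1}/databases/orders", "type": SQLDB},
    {"id": f"{SQL1}/databases/staging", "type": SQLDB},
]
LOCKS = [  # constructed: one resource-group lock, one resource-level lock
    {"id": f"{SUB}/resourceGroups/rg-data/{AUTHZ}/rg-no-delete", "level": "CanNotDelete"},
    {"id": f"{SQL1}/databases/orders/{AUTHZ}/db-readonly", "level": "ReadOnly"},
]
CRITICAL = {STORAGE.lower(), SQLDB.lower()}

if __name__ == "__main__":
    for rid in unprotected(RESOURCES, LOCKS, CRITICAL):
        print("no delete-blocking lock:", rid)
```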