Locks are mechanisms for stopping certain activities on resources. RBAC provides rights to users, groups, and applications within a certain scope. There are out-of-the-box RBAC roles, such as owner, contributor, and reader. With the contributor role, it is possible to delete or modify a resource. How can such activities be prevented despite the user having a contributor role? Enter Azure locks.
Azure locks can help in two ways:
- They can lock resources such that they cannot be deleted, even if you have owner access.
- They can lock resources in such a way that it can be neither deleted nor have its configuration modified.
Locks are typically very helpful for resources in production environments that should not be modified or deleted accidentally.
Locks can be applied at the levels of subscription, resource group, and individual resource. Locks can be inherited between...