azure-docs icon indicating copy to clipboard operation
azure-docs copied to clipboard

Published 20 hours ago verified publisher icon MicrosoftDocs

It seems that setting azure resource lock will result many problems, so what the meaning of it?

Open hsszlll opened this issue 2 years ago • 7 comments

[Enter feedback here]

Document Details

Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

hsszlll avatar Oct 12 '22 06:10 hsszlll

@hsszlll Thanks for reaching out. There are certain things you need to consider when applying a lock to resource. Each resource when applied with lock impacts the operations that can be performed by respective resource. The document you are referring to provides the impacts or problems you may encounter based on the resource type when locks are applied.

SwathiDhanwada-MSFT avatar Oct 12 '22 08:10 SwathiDhanwada-MSFT

@SwathiDhanwada-MSFT Thanks for reply. In order to protect our azure resource from accidentally deleted, I want to set can not delete lock on resource, but it exists some impacts or problems, so I have to give up this plan, do you known some better way to achieve this?

hsszlll avatar Oct 13 '22 02:10 hsszlll

@hsszll Resources Locks are the recommended option. Can you please let me know for which resource are you trying to apply lock for?

SwathiDhanwada-MSFT avatar Oct 13 '22 05:10 SwathiDhanwada-MSFT

@SwathiDhanwada-MSFT We have these resources to lock image

image

hsszlll avatar Oct 14 '22 05:10 hsszlll

@hsszlll - a cannot-delete lock works with most resource types. You could apply locks to individual resources rather than the resource group to avoid problems with features like auto-deleting deployments from the history. What concerns do you have about applying cannot-delete locks to the resource types you listed?

tfitzmac avatar Oct 15 '22 14:10 tfitzmac

@tfitzmac So we can set lock on resource rather than resource group. But I still have a question for you to answer.Although I don't set lock on resource group, but due to Lock inheritance(showing in follow figure), the deletion will still fail. image

hsszlll avatar Oct 17 '22 02:10 hsszlll

The lock prevents you from deleting the resource group, which is what you would want if you have a cannot-delete lock on one of the resources. It doesn't prevent you from individually deleting other resources that aren't locked.

tfitzmac avatar Oct 17 '22 11:10 tfitzmac

Thanks @tfitzmac , what fact I known is setting lock on resource will influence deletion of resource group, setting lock on resource group will influence auto-deleting deployments history, so that whether setting lock on resource will influence auto-deleting deployments history? If the answer is no, I will with no concer to set can-not lock on resources.

hsszlll avatar Oct 18 '22 08:10 hsszlll

No, setting a lock on a resource does not affect auto-deleting deployment history.

tfitzmac avatar Oct 18 '22 15:10 tfitzmac

@hsszll Did you get chance to look into tfitzmac's comment ? Do revert if you have further questions.

SwathiDhanwada-MSFT avatar Oct 20 '22 10:10 SwathiDhanwada-MSFT

We'll close this for now, but feel free to reopen if needed. #please-close

tfitzmac avatar Oct 24 '22 14:10 tfitzmac