Management Locks - Create Or Update At Resource Group Level

Creates or updates a management lock at the resource group level.
When you apply a lock at a parent scope, all child resources inherit the same lock. To create management locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions. Of the built-in roles, only Owner and User Access Administrator are granted those actions.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/locks/{lockName}?api-version=2016-09-01

URI Parameters

Name In Required Type Description
lockName
path True
  • string

The lock name. The lock name can be a maximum of 260 characters. It cannot contain <, > %, &, :, , ?, /, or any control characters.

resourceGroupName
path True
  • string

The name of the resource group to lock.

Regex pattern: ^[-\w\._\(\)]+$

subscriptionId
path True
  • string

The ID of the target subscription.

api-version
query True
  • string

The API version to use for the operation.

Request Body

Name Required Type Description
properties.level True

The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it.

properties.notes
  • string

Notes about the lock. Maximum of 512 characters.

properties.owners

The owners of the lock.

Responses

Name Type Description
200 OK

OK - Returns information about the lock.

201 Created

Created - Returns information about the lock.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Definitions

LockLevel

The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it.

ManagementLockObject

The lock information.

ManagementLockOwner

Lock owner properties.

LockLevel

The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it.

Name Type Description
CanNotDelete
  • string
NotSpecified
  • string
ReadOnly
  • string

ManagementLockObject

The lock information.

Name Type Description
id
  • string

The resource ID of the lock.

name
  • string

The name of the lock.

properties.level

The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it.

properties.notes
  • string

Notes about the lock. Maximum of 512 characters.

properties.owners

The owners of the lock.

type
  • string

The resource type of the lock - Microsoft.Authorization/locks.

ManagementLockOwner

Lock owner properties.

Name Type Description
applicationId
  • string

The application ID of the lock owner.