Locking Resources in Azure

I look at locking resources within Azure as a safety mechanism where it can protect users from accidental deletion, it can get quite confusing within the portal if for example you have close to 100 databases.

There are 2 types of lock resources in Azure.

  • Delete – Obviously you can’t delete but you can read / modify a resource, this applies to authorised users.
  • ReadOnly – Authorised users can read a resource but they cannot edit or delete it.

For this blog post I create a delete lock on one of my SQL Databases. Under the settings of your SQL database you will see the LOCKS option.

port

You will then want to click ADD.

port1

That’s it – let’s put it to a test

Message from the portal:

The lock named NoDel was unable to be added or edited for the following reasons: {“jqXHR”:{“readyState”:4,”responseText”:”{\”error\”:{\”code\”:\”AuthorizationFailed\”,\”message\”:\”The client does not have authorization to perform action ‘Microsoft.Authorization/locks/write’ over scope

Well, that is not what I want! You must be Owner or User Access Administrator.

 Once you have addressed the permission issues just click OK.

port2

Now we can re-try the delete.

port3

You know how the saying goes – An ounce of prevention is worth a pound of cure.