Management Locks - Create Or Update At Subscription Level
Creates or updates a management lock at the subscription level.
When you apply a lock at a parent scope, all child resources inherit the same lock. To create management locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions. Of the built-in roles, only Owner and User Access Administrator are granted those actions.
PUT https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/locks/{lockName}?api-version=2016-09-01
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
lock
|
path | True |
string |
The name of lock. The lock name can be a maximum of 260 characters. It cannot contain <, > %, &, :, , ?, /, or any control characters. |
subscription
|
path | True |
string |
The ID of the target subscription. |
api-version
|
query | True |
string |
The API version to use for the operation. |
Request Body
Name | Required | Type | Description |
---|---|---|---|
properties.level | True |
The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. |
|
properties.notes |
string |
Notes about the lock. Maximum of 512 characters. |
|
properties.owners |
The owners of the lock. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
OK - Returns information about the lock. |
|
201 Created |
Created - Returns information about the lock. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
Create management lock at subscription level
Sample request
PUT https://management.azure.com/subscriptions/subscriptionId/providers/Microsoft.Authorization/locks/testlock?api-version=2016-09-01
{
"properties": {
"level": "ReadOnly"
}
}
Sample response
{
"properties": {
"level": "ReadOnly"
},
"id": "/providers/Microsoft.Authorization/locks/testlock",
"type": "Microsoft.Authorization/locks",
"name": "testlock"
}
{
"properties": {
"level": "ReadOnly"
},
"id": "/providers/Microsoft.Authorization/locks/testlock",
"type": "Microsoft.Authorization/locks",
"name": "testlock"
}
Definitions
Name | Description |
---|---|
Lock |
The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. |
Management |
The lock information. |
Management |
Lock owner properties. |
LockLevel
The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it.
Name | Type | Description |
---|---|---|
CanNotDelete |
string |
|
NotSpecified |
string |
|
ReadOnly |
string |
ManagementLockObject
The lock information.
Name | Type | Description |
---|---|---|
id |
string |
The resource ID of the lock. |
name |
string |
The name of the lock. |
properties.level |
The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. |
|
properties.notes |
string |
Notes about the lock. Maximum of 512 characters. |
properties.owners |
The owners of the lock. |
|
type |
string |
The resource type of the lock - Microsoft.Authorization/locks. |
ManagementLockOwner
Lock owner properties.
Name | Type | Description |
---|---|---|
applicationId |
string |
The application ID of the lock owner. |