Management Locks - Create Or Update At Subscription Level

Creates or updates a management lock at the subscription level.
When you apply a lock at a parent scope, all child resources inherit the same lock. To create management locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions. Of the built-in roles, only Owner and User Access Administrator are granted those actions.

PUT https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/locks/{lockName}?api-version=2016-09-01

URI Parameters

Name In Required Type Description
lockName
path True

string

The name of lock. The lock name can be a maximum of 260 characters. It cannot contain <, > %, &, :, , ?, /, or any control characters.

subscriptionId
path True

string

The ID of the target subscription.

api-version
query True

string

The API version to use for the operation.

Request Body

Name Required Type Description
properties.level True

LockLevel

The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it.

properties.notes

string

Notes about the lock. Maximum of 512 characters.

properties.owners

ManagementLockOwner[]

The owners of the lock.

Responses

Name Type Description
200 OK

ManagementLockObject

OK - Returns information about the lock.

201 Created

ManagementLockObject

Created - Returns information about the lock.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

Create management lock at subscription level

Sample request

PUT https://management.azure.com/subscriptions/subscriptionId/providers/Microsoft.Authorization/locks/testlock?api-version=2016-09-01

{
  "properties": {
    "level": "ReadOnly"
  }
}

Sample response

{
  "properties": {
    "level": "ReadOnly"
  },
  "id": "/providers/Microsoft.Authorization/locks/testlock",
  "type": "Microsoft.Authorization/locks",
  "name": "testlock"
}
{
  "properties": {
    "level": "ReadOnly"
  },
  "id": "/providers/Microsoft.Authorization/locks/testlock",
  "type": "Microsoft.Authorization/locks",
  "name": "testlock"
}

Definitions

Name Description
LockLevel

The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it.

ManagementLockObject

The lock information.

ManagementLockOwner

Lock owner properties.

LockLevel

The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it.

Name Type Description
CanNotDelete

string

NotSpecified

string

ReadOnly

string

ManagementLockObject

The lock information.

Name Type Description
id

string

The resource ID of the lock.

name

string

The name of the lock.

properties.level

LockLevel

The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it.

properties.notes

string

Notes about the lock. Maximum of 512 characters.

properties.owners

ManagementLockOwner[]

The owners of the lock.

type

string

The resource type of the lock - Microsoft.Authorization/locks.

ManagementLockOwner

Lock owner properties.

Name Type Description
applicationId

string

The application ID of the lock owner.