3.3.2. π‘ First Principle: Resource Locks
First Principle: Azure Resource Locks provide a simple yet powerful mechanism to protect critical resources from accidental deletion or modification. Their core purpose is to add a layer of administrative protection, safeguarding essential infrastructure from human error.
What It Is: A feature that helps prevent accidental deletion or modification of critical Azure resources.
Lock Levels:
CanNotDelete: Authorized users can still read and modify a resource, but they can't delete it. This is useful for protecting critical resources that may need to be reconfigured.ReadOnly: Authorized users can read a resource, but they can't delete or update it. This is the most restrictive lock, making the resource effectively read-only.
Scenario: A team has deployed a production database that is essential for their application. They want to ensure that no one, not even an administrator with full permissions, can accidentally delete this database.
Reflection Question: Which resource lock level (CanNotDelete or ReadOnly) would be most appropriate for this production database, and why?
π‘ Tip: Resource locks apply to all users and roles, including administrators. To delete or modify a locked resource, the lock must first be removed by a user with the appropriate permissions.
