lock | R Documentation |
Create, retrieve and delete locks. These are methods for the az_subscription
, az_resource_group
and az_resource
classes.
create_lock(name, level = c("cannotdelete", "readonly"), notes = "") get_lock(name) delete_lock(name) list_locks()
name
: The name of a lock.
level
: The level of protection that the lock provides.
notes
: An optional character string to describe the lock.
Management locks in Resource Manager can be assigned at the subscription, resource group, or resource level. They serve to protect a resource against unwanted changes. A lock can either protect against deletion (level="cannotdelete"
) or against modification of any kind (level="readonly"
).
Locks assigned at parent scopes also apply to lower ones, recursively. The most restrictive lock in the inheritance takes precedence. To modify/delete a resource, any existing locks for its subscription and resource group must also be removed.
Note if you logged in via a custom service principal, it must have "Owner" or "User Access Administrator" access to manage locks.
The create_lock
and get_lock
methods return a lock object, which is itself an Azure resource. The list_locks
method returns a list of such objects. The delete_lock
method returns NULL on a successful delete.
The get_role_definition
method returns an object of class az_role_definition
. This is a plain-old-data R6 class (no methods), which can be used as input for creating role assignments (see the examples below).
The list_role_definitions
method returns a list of az_role_definition
if the as_data_frame
argument is FALSE. If this is TRUE, it instead returns a data frame containing the most broadly useful fields for each role definition: the definition ID and role name.
rbac
## Not run:
az <- get_azure_login("myaadtenant")
sub <- az$get_subscription("subscription_id")
rg <- sub$get_resource_group("rgname")
res <- rg$get_resource(type="provider_type", name="resname")
sub$create_lock("lock1", "cannotdelete")
rg$create_lock("lock2", "cannotdelete")
# error! resource is locked
res$delete()
# subscription level
rg$delete_lock("lock2")
sub$delete_lock("lock1")
# now it works
res$delete()
## End(Not run)
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.