Use Azure Locks to Prevent Unwanted Modifications to Logic Apps

    #ServerlessTips - Azure Logic Apps
    Author: Kent Weare Integration MVP

    Microsoft Azure lets developers and administrators quickly provision, and delete, resources. Unfortunately, we have all been there: someone clicks through the portal more quickly than they should, and a resource inadvertently gets deleted. The good news is that Microsoft has accounted for this situation with a feature called Locks, which can prevent, or reduce the risk of, Azure resources being deleted.

    The root of the issue is Contributor access, which is enough to remove or modify any resource the user has access to. A team will often require this level of access to provision and manage Azure resources. Once a Lock is applied, an Owner is required to delete or modify the resource.

    Microsoft provides two different Lock modes:

    • CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource.

    • ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.

    To create a Lock, we navigate to the Locks section of the Settings experience for a resource.

    From within this experience, we can choose to lock the resource by clicking on +Add. We are then prompted for a Lock name, Lock type and any additional Notes.

    In this particular example, a Delete lock type has been applied, which means that Owner is the only role that can delete this resource, even if a user with the Contributor role created it.
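    The same lock can be applied from a script instead of the portal. The following is an added example, not part of the original article: it uses the Azure CLI to put a CanNotDelete lock on every Logic App in a resource group that does not already report one. It assumes an authenticated `az` session; the function name, the resource group `rg-integration` and the lock name `do-not-delete` are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the original article).
# Usage: ./lock-logic-apps.sh <resource-group> [lock-name]

# lock_logic_apps <resource-group> [lock-name]
# Applies a CanNotDelete lock to each Logic App in the resource group
# unless "az lock list" already reports a lock for it.
lock_logic_apps() {
  local rg="$1" lock_name="${2:-do-not-delete}" app existing
  local rtype="Microsoft.Logic/workflows"

  # One Logic App name per line.
  az resource list --resource-group "$rg" --resource-type "$rtype" \
      --query "[].name" --output tsv |
  while IFS= read -r app; do
    [ -n "$app" ] || continue

    # Lock levels (CanNotDelete / ReadOnly) reported for this resource.
    # stdin is redirected so the inner call cannot consume the name list.
    existing=$(az lock list --resource-group "$rg" --resource-name "$app" \
        --resource-type "$rtype" --query "[].level" --output tsv </dev/null)

    if [ -n "$existing" ]; then
      echo "skip $app (already locked: $existing)"
      continue
    fi

    az lock create --name "$lock_name" --lock-type CanNotDelete \
        --resource-group "$rg" --resource-name "$app" \
        --resource-type "$rtype" \
        --notes "Owner must remove this lock before deleting" \
        >/dev/null </dev/null
    echo "locked $app"
  done
}

# Run only when a resource group is given, e.g. rg-integration (placeholder).
if [ "$#" -gt 0 ]; then
  lock_logic_apps "$@"
fi
```

    Swap `CanNotDelete` for `ReadOnly` to apply the stricter of the two lock modes described above.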

    Conclusion

    In this post, we discussed how we can prevent unintended deletes being executed against important Azure resources. Locks provide an additional level of governance and may reduce unplanned outages, as they force the user to have elevated Owner access. It is a good idea to apply locks to any important resources in Azure, including Logic Apps, Service Bus entities and any other resource that would create an unplanned outage if it were deleted.

