Locks only apply to control plane Azure operations and not to data plane operations.

Azure control plane operations go to. Azure data plane operations go to your service instance, such as. To discover which operations use the control plane URL, see the Azure REST API.

The distinction means locks protect a resource from changes, but they don't restrict how a resource performs its functions. A ReadOnly lock, for example, on an SQL Database logical server, protects it from deletions or modifications. It allows you to create, update, or delete data in the server database. Data plane operations allow data transactions.

Considerations before applying your locks

Applying locks can lead to unexpected results. Some operations, which don't seem to modify a resource, require blocked actions. Locks prevent the POST method from sending data to the Azure Resource Manager (ARM) API. Some common examples of blocked operations are:

A read-only lock on a storage account prevents users from listing the account keys. A POST request handles the Azure Storage List Keys operation to protect access to the account keys. The account keys provide complete access to data in the storage account. When a read-only lock is configured for a storage account, users who don't have the account keys need to use Microsoft Entra credentials to access blob or queue data. A read-only lock also prevents the assignment of Azure RBAC roles that are scoped to the storage account or to a data container (blob container or queue).

A read-only lock on a storage account protects RBAC assignments scoped for a storage account or a data container (blob container or queue).

A read-only lock on a storage account prevents the creation of a blob container.

A read-only lock or cannot-delete lock on a storage account doesn't prevent its data from deletion or modification. It also doesn't protect the data in a blob, queue, table, or file.

The Storage Account API exposes data plane and control plane operations. If a request uses data plane operations, the lock on the storage account doesn't protect blob, queue, table, or file data within that storage account. If the request uses control plane operations, however, the lock protects those resources.

For example, if a request uses File Shares - Delete, which is a control plane operation, the deletion fails. If the request uses Delete Share, which is a data plane operation, the deletion succeeds. We recommend that you use a control plane operation.

A read-only lock on a network security group (NSG) prevents the creation of the corresponding NSG flow log.
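The lock rules on this page can be checked against a planned set of requests before a lock is applied. The following Python sketch is an added example, not Microsoft's code, and is a simplified model that decides by hostname, scope and HTTP method only. The ARM hostname (which the page text omits), the subscription ID, resource names and `PLACEHOLDER` API versions are assumptions or constructed sample values.

```python
from urllib.parse import urlsplit

# ARM (control plane) hostname; missing from the page text, supplied here.
CONTROL_PLANE_HOST = "management.azure.com"

# HTTP methods each lock level rejects on the control plane.
BLOCKED = {
    "ReadOnly": {"PUT", "PATCH", "POST", "DELETE"},
    "CanNotDelete": {"DELETE"},
}

def lock_verdict(method, url, lock_level, lock_scope):
    """Return (blocked, reason) for one request evaluated against one lock."""
    parts = urlsplit(url)
    if parts.hostname != CONTROL_PLANE_HOST:
        return False, "data plane request: locks do not apply"
    path, scope = parts.path.lower().rstrip("/"), lock_scope.lower()
    # The lock covers the locked resource and its children, not siblings.
    if path != scope and not path.startswith(scope + "/"):
        return False, "control plane request outside the lock scope"
    if method.upper() in BLOCKED[lock_level]:
        return True, f"{lock_level} lock blocks control plane {method.upper()}"
    return False, f"{lock_level} lock permits control plane {method.upper()}"

# Constructed sample data: every identifier below is a placeholder.
SCOPE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
         "/providers/Microsoft.Storage/storageAccounts/demoacct")
ARM = f"https://{CONTROL_PLANE_HOST}{SCOPE}"
SAMPLES = [
    ("list account keys", "POST", f"{ARM}/listKeys?api-version=PLACEHOLDER"),
    ("read account properties", "GET", f"{ARM}?api-version=PLACEHOLDER"),
    ("File Shares - Delete", "DELETE",
     f"{ARM}/fileServices/default/shares/s1?api-version=PLACEHOLDER"),
    ("Delete Share", "DELETE", "https://demoacct.file.core.windows.net/s1?restype=share"),
    ("delete blob", "DELETE", "https://demoacct.blob.core.windows.net/c1/report.csv"),
]

def audit(lock_level):
    """Map each sample operation name to whether the lock blocks it."""
    return {name: lock_verdict(m, u, lock_level, SCOPE)[0] for name, m, u in SAMPLES}

if __name__ == "__main__":
    for level in BLOCKED:
        for name, blocked in audit(level).items():
            print(f"{level:13} {name:25} {'BLOCKED' if blocked else 'allowed'}")
```

The two share deletions differ only in which endpoint receives them, which is why data that must survive needs protection beyond the lock itself.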