SOLVED

Is is possible to allow user to modify/delete only specified management (resource) locks?

%3CLINGO-SUB%20id%3D%22lingo-sub-2579040%22%20slang%3D%22en-US%22%3EIs%20is%20possible%20to%20allow%20user%20to%20modify%2Fdelete%20only%20specified%20management%20(resource)%20locks%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2579040%22%20slang%3D%22en-US%22%3E%3CP%3EGreetings%20everyone%2C%3C%2FP%3E%3CP%3Eas%20in%20the%20title%2C%20is%20it%20possible%20to%20do%20such%20action%3F%20If%20yes%2C%20then%20what%20permissions%20does%20this%20user%20need%20to%20do%20so%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EExample%3A%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20resource%20group%20with%202%20resource%20objects.%20Both%20of%20them%20have%20set%20up%20management%20locks.%20Now%2C%20is%20it%20possible%20to%20allow%20someone%20to%20modify%2Fdelete%20lock%20only%20on%20first%20object%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20in%20advance!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2586818%22%20slang%3D%22en-US%22%3ERe%3A%20Is%20is%20possible%20to%20allow%20user%20to%20modify%2Fdelete%20only%20specified%20management%20(resource)%20locks%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2586818%22%20slang%3D%22en-US%22%3EProblem%20solved.%3CBR%20%2F%3E%3CBR%20%2F%3EFor%20everyone%20out%20there%20wondering%2C%20I%20have%20created%20custom%20role%20which%20applied%20only%20to%20specified%20scope%20of%20resources.%20Then%20added%20those%20role%20in%20IAM%20-%26gt%3B%20Add%20role%20assignment%20of%20a%20given%20resource%20(i.e%20storage%20account)%20and%20it%20works.%3CBR%20%2F%3E%3CBR%20%2F%3EOf%20course%20you%20need%20to%20add%20the%20role%20to%20a%20user%20so%20he%20can%20access%20only%20those%20resources%20specified%20by%20the%20role.%3CBR%20%2F%3E%3CBR%20%2F%3EBR%3C%2FLINGO-BODY%3E
New Contributor

Greetings everyone,

as in the title, is it possible to do such action? If yes, then what permissions does this user need to do so?

 

Example: 

I have a resource group with 2 resource objects. Both of them have set up management locks. Now, is it possible to allow someone to modify/delete lock only on first object? 

 

Thank you in advance!

2 Replies
Problem solved.

For everyone out there wondering, I have created custom role which applied only to specified scope of resources. Then added those role in IAM -> Add role assignment of a given resource (i.e storage account) and it works.

Of course you need to add the role to a user so he can access only those resources specified by the role.

BR
best response confirmed by Azure_Guy1559 (New Contributor)
Solution
Or simply add new member to the resource in IAM -> Add role assignment -> members tab.