{ 6 items displayName: "Resource Lock should be enabled" , description: "With this policy: any resource that has the tag key LockLevel with the value CanNotDelete means authorized users can read and modify the resource, but they can't delete it." , metadata: { 2 items category: "Backup" , version: "1.0.0" } , mode: "Indexed" , parameters: { 3 items tagName: { 3 items type: "string" , metadata: { 2 items displayName: "Exclusion Tag Name" , description: "Name of the tag to use for excluding resources from this policy. This should be used along with the Exclusion Tag Value parameter." } , defaultValue: "_MVP_Resource_Lock_should_be_enabled" } , tagValue: { 3 items type: "string" , metadata: { 2 items displayName: "Exclusion Tag Value" , description: "Value of the tag to use for excluding resources from this policy. This should be used along with the Exclusion Tag Name parameter." } , defaultValue: "exclude" } , effect: { 4 items type: "String" , metadata: { 2 items displayName: "Effect" , description: "DeployIfNotExists, AuditIfNotExists or Disabled the execution of the Policy" } , allowedValues: [ 3 items "DeployIfNotExists" , "AuditIfNotExists" , "Disabled" ] , defaultValue: "DeployIfNotExists" } } , policyRule: { 2 items if: { 1 item allOf: [ 3 items { 2 items field: "tags.LockLevel" , equals: "CanNotDelete" } , { 2 items value: 🔍 "[
length(
split(
field('type'),
'/'
)
)
]", equals: 2 } , { 1 item not: { 2 items field: 🔍 "[
concat(
'tags[
',
parameters('tagName'),
'
]'
)
]", equals: "[parameters('tagValue')]" } } ] } , then: { 2 items effect: "[parameters('effect')]" , details: { 5 items roleDefinitionIds: [ 1 item "/providers/microsoft.authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635" Owner ] , type: "Microsoft.Authorization/locks" , name: "ResourceLockedByPolicy" , existenceCondition: { 1 item } , deployment: { 1 item properties: { 3 items mode: "incremental" , template: { 6 items $schema: "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#" , contentVersion: "1.0.0.0" , parameters: { 2 items } , variables : {} , resources: [ 1 item { 5 items type: "Microsoft.Authorization/locks" , apiVersion: "2016-09-01" , name: "ResourceLockedByPolicy" , scope: 🔍 "[
concat(
parameters('resourceType'),
'/',
parameters('resourceName')
)
]", properties: { 2 items level: "CanNotDelete" , notes: "Locked by Azure Policy" } } ] , outputs : {} } , parameters: { 2 items } } } } } } }