DenySettings interface

Defines how resources deployed by the Deployment stack are locked.

Properties

applyToChildScopes

DenySettings will be applied to child resource scopes of every managed resource with a deny assignment.

excludedActions

List of role-based management operations that are excluded from the denySettings. Up to 200 actions are permitted. If the denySetting mode is set to 'denyWriteAndDelete', then the following actions are automatically appended to 'excludedActions': '*/read' and 'Microsoft.Authorization/locks/delete'. If the denySetting mode is set to 'denyDelete', then the following actions are automatically appended to 'excludedActions': 'Microsoft.Authorization/locks/delete'. Duplicate actions will be removed.

excludedPrincipals

List of AAD principal IDs excluded from the lock. Up to 5 principals are permitted.

mode

denySettings Mode that defines denied actions.

Property Details

applyToChildScopes

DenySettings will be applied to child resource scopes of every managed resource with a deny assignment.

applyToChildScopes?: boolean

Property Value

boolean

excludedActions

List of role-based management operations that are excluded from the denySettings. Up to 200 actions are permitted. If the denySetting mode is set to 'denyWriteAndDelete', then the following actions are automatically appended to 'excludedActions': '*/read' and 'Microsoft.Authorization/locks/delete'. If the denySetting mode is set to 'denyDelete', then the following actions are automatically appended to 'excludedActions': 'Microsoft.Authorization/locks/delete'. Duplicate actions will be removed.

excludedActions?: string[]

Property Value

string[]

excludedPrincipals

List of AAD principal IDs excluded from the lock. Up to 5 principals are permitted.

excludedPrincipals?: string[]

Property Value

string[]

mode

denySettings Mode that defines denied actions.

mode: string

Property Value

string