0
# Resource Protection and Linking
1

2
Resource locks for preventing accidental deletion or modification, resource links for creating relationships, managed applications, and data boundary management. These services provide additional governance and management capabilities for Azure resources.
3

4
## Capabilities
5

6
### Management Locks
7

8
Protect critical resources by applying locks that prevent deletion or modification at the subscription, resource group, or resource level.
9

10
```python { .api }
11
class ManagementLocksOperations:
12
    def create_or_update_at_resource_group_level(
13
        self,
14
        resource_group_name: str,
15
        lock_name: str,
16
        parameters: ManagementLockObject,
17
        **kwargs
18
    ) -> ManagementLockObject:
19
        """
20
        Create or update a lock at the resource group level.
21
        
22
        Args:
23
            resource_group_name (str): Resource group name
24
            lock_name (str): Lock name
25
            parameters (ManagementLockObject): Lock properties
26
            
27
        Returns:
28
            ManagementLockObject: The created lock
29
        """
30

31
    def delete_at_resource_group_level(
32
        self,
33
        resource_group_name: str,
34
        lock_name: str,
35
        **kwargs
36
    ) -> None:
37
        """Delete a lock at the resource group level."""
38

39
    def get_at_resource_group_level(
40
        self,
41
        resource_group_name: str,
42
        lock_name: str,
43
        **kwargs
44
    ) -> ManagementLockObject:
45
        """Get a lock at the resource group level."""
46

47
    def create_or_update_by_scope(
48
        self,
49
        scope: str,
50
        lock_name: str,
51
        parameters: ManagementLockObject,
52
        **kwargs
53
    ) -> ManagementLockObject:
54
        """
55
        Create or update a lock at any scope.
56
        
57
        Args:
58
            scope (str): Lock scope (subscription, resource group, or resource)
59
            lock_name (str): Lock name
60
            parameters (ManagementLockObject): Lock properties
61
            
62
        Returns:
63
            ManagementLockObject: The created lock
64
        """
65

66
    def delete_by_scope(
67
        self,
68
        scope: str,
69
        lock_name: str,
70
        **kwargs
71
    ) -> None:
72
        """Delete a lock at any scope."""
73

74
    def get_by_scope(
75
        self,
76
        scope: str,
77
        lock_name: str,
78
        **kwargs
79
    ) -> ManagementLockObject:
80
        """Get a lock at any scope."""
81

82
    def create_or_update_at_resource_level(
83
        self,
84
        resource_group_name: str,
85
        resource_provider_namespace: str,
86
        parent_resource_path: str,
87
        resource_type: str,
88
        resource_name: str,
89
        lock_name: str,
90
        parameters: ManagementLockObject,
91
        **kwargs
92
    ) -> ManagementLockObject:
93
        """Create or update a lock at the resource level."""
94

95
    def create_or_update_at_subscription_level(
96
        self,
97
        lock_name: str,
98
        parameters: ManagementLockObject,
99
        **kwargs
100
    ) -> ManagementLockObject:
101
        """Create or update a lock at the subscription level."""
102

103
    def list_at_subscription_level(
104
        self, 
105
        **kwargs
106
    ) -> Iterable[ManagementLockObject]:
107
        """
108
        List locks at the subscription level.
109
        
110
        Returns:
111
            Iterable[ManagementLockObject]: Iterator of locks
112
        """
113

114
    def list_at_resource_group_level(
115
        self,
116
        resource_group_name: str,
117
        **kwargs
118
    ) -> Iterable[ManagementLockObject]:
119
        """List locks at the resource group level."""
120

121
    def list_by_scope(
122
        self,
123
        scope: str,
124
        **kwargs
125
    ) -> Iterable[ManagementLockObject]:
126
        """List locks at any scope."""
127
```
128

129
### Resource Links
130

131
Create and manage links between Azure resources to represent dependencies and relationships.
132

133
```python { .api }
134
class ResourceLinksOperations:
135
    def delete(self, link_id: str, **kwargs) -> None:
136
        """
137
        Delete a resource link.
138
        
139
        Args:
140
            link_id (str): Link ID
141
        """
142

143
    def create_or_update(
144
        self,
145
        link_id: str,
146
        parameters: ResourceLink,
147
        **kwargs
148
    ) -> ResourceLink:
149
        """
150
        Create or update a resource link.
151
        
152
        Args:
153
            link_id (str): Link ID
154
            parameters (ResourceLink): Link properties
155
            
156
        Returns:
157
            ResourceLink: The created link
158
        """
159

160
    def get(self, link_id: str, **kwargs) -> ResourceLink:
161
        """
162
        Get a resource link.
163
        
164
        Args:
165
            link_id (str): Link ID
166
            
167
        Returns:
168
            ResourceLink: Link details
169
        """
170

171
    def list_at_subscription(self, **kwargs) -> Iterable[ResourceLink]:
172
        """
173
        List all resource links in the subscription.
174
        
175
        Returns:
176
            Iterable[ResourceLink]: Iterator of resource links
177
        """
178

179
    def list_at_source_scope(
180
        self,
181
        scope: str,
182
        **kwargs
183
    ) -> Iterable[ResourceLink]:
184
        """
185
        List resource links at a specific source scope.
186
        
187
        Args:
188
            scope (str): Source scope
189
            
190
        Returns:
191
            Iterable[ResourceLink]: Iterator of resource links
192
        """
193
```
194

195
### Managed Applications
196

197
Manage Azure managed applications including application definitions and application instances.
198

199
```python { .api }
200
class ApplicationsOperations:
201
    def get(
202
        self,
203
        resource_group_name: str,
204
        application_name: str,
205
        **kwargs
206
    ) -> Application:
207
        """
208
        Get managed application details.
209
        
210
        Args:
211
            resource_group_name (str): Resource group name
212
            application_name (str): Application name
213
            
214
        Returns:
215
            Application: Application details
216
        """
217

218
    def delete(
219
        self,
220
        resource_group_name: str,
221
        application_name: str,
222
        **kwargs
223
    ) -> None:
224
        """Delete a managed application."""
225

226
    def begin_create_or_update(
227
        self,
228
        resource_group_name: str,
229
        application_name: str,
230
        parameters: Application,
231
        **kwargs
232
    ) -> LROPoller[Application]:
233
        """
234
        Create or update a managed application.
235
        
236
        Args:
237
            resource_group_name (str): Resource group name
238
            application_name (str): Application name
239
            parameters (Application): Application properties
240
            
241
        Returns:
242
            LROPoller[Application]: Long-running operation poller
243
        """
244

245
    def update(
246
        self,
247
        resource_group_name: str,
248
        application_name: str,
249
        parameters: ApplicationPatchable,
250
        **kwargs
251
    ) -> Application:
252
        """Update a managed application."""
253

254
    def list_by_resource_group(
255
        self,
256
        resource_group_name: str,
257
        **kwargs
258
    ) -> Iterable[Application]:
259
        """List managed applications in a resource group."""
260

261
    def list_by_subscription(self, **kwargs) -> Iterable[Application]:
262
        """List managed applications in the subscription."""
263

264
    def update_access(
265
        self,
266
        resource_group_name: str,
267
        application_name: str,
268
        parameters: UpdateAccessDefinition,
269
        **kwargs
270
    ) -> UpdateAccessDefinition:
271
        """Update access permissions for a managed application."""
272
```
273

274
### Application Definitions
275

276
Manage application definitions that define the blueprint for managed applications.
277

278
```python { .api }
279
class ApplicationDefinitionsOperations:
280
    def get(
281
        self,
282
        resource_group_name: str,
283
        application_definition_name: str,
284
        **kwargs
285
    ) -> ApplicationDefinition:
286
        """Get application definition details."""
287

288
    def delete(
289
        self,
290
        resource_group_name: str,
291
        application_definition_name: str,
292
        **kwargs
293
    ) -> None:
294
        """Delete an application definition."""
295

296
    def begin_create_or_update(
297
        self,
298
        resource_group_name: str,
299
        application_definition_name: str,
300
        parameters: ApplicationDefinition,
301
        **kwargs
302
    ) -> LROPoller[ApplicationDefinition]:
303
        """Create or update an application definition."""
304

305
    def list_by_resource_group(
306
        self,
307
        resource_group_name: str,
308
        **kwargs
309
    ) -> Iterable[ApplicationDefinition]:
310
        """List application definitions in a resource group."""
311

312
    def list_by_subscription(self, **kwargs) -> Iterable[ApplicationDefinition]:
313
        """List application definitions in the subscription."""
314

315
    def get_by_id(
316
        self,
317
        application_definition_id: str,
318
        **kwargs
319
    ) -> ApplicationDefinition:
320
        """Get application definition by ID."""
321

322
    def begin_create_or_update_by_id(
323
        self,
324
        application_definition_id: str,
325
        parameters: ApplicationDefinition,
326
        **kwargs
327
    ) -> LROPoller[ApplicationDefinition]:
328
        """Create or update application definition by ID."""
329

330
    def begin_delete_by_id(
331
        self,
332
        application_definition_id: str,
333
        **kwargs
334
    ) -> LROPoller[None]:
335
        """Delete application definition by ID."""
336
```
337

338
### Data Boundary Management
339

340
Manage data boundary policies and configurations for data residency and compliance requirements.
341

342
```python { .api }
343
class DataBoundariesOperations:
344
    def get_scope(self, scope: str, **kwargs) -> DataBoundaryDefinition:
345
        """
346
        Get data boundary definition for a scope.
347
        
348
        Args:
349
            scope (str): Data boundary scope
350
            
351
        Returns:
352
            DataBoundaryDefinition: Data boundary definition
353
        """
354

355
    def put_scope(
356
        self,
357
        scope: str,
358
        data_boundary_definition: DataBoundaryDefinition,
359
        **kwargs
360
    ) -> DataBoundaryDefinition:
361
        """
362
        Create or update data boundary definition for a scope.
363
        
364
        Args:
365
            scope (str): Data boundary scope
366
            data_boundary_definition (DataBoundaryDefinition): Data boundary properties
367
            
368
        Returns:
369
            DataBoundaryDefinition: Updated data boundary definition
370
        """
371
```
372

373
## Model Classes
374

375
```python { .api }
376
class ManagementLockObject:
377
    """Management lock model."""
378
    id: str
379
    type: str
380
    name: str
381
    level: LockLevel
382
    notes: str
383
    owners: List[ManagementLockOwner]
384

385
class ManagementLockOwner:
386
    """Lock owner information."""
387
    application_id: str
388

389
class ResourceLink:
390
    """Resource link model."""
391
    id: str
392
    name: str
393
    type: str
394
    properties: ResourceLinkProperties
395

396
class ResourceLinkProperties:
397
    """Resource link properties."""
398
    source_id: str
399
    target_id: str
400
    notes: str
401

402
class Application:
403
    """Managed application model."""
404
    id: str
405
    name: str
406
    type: str
407
    location: str
408
    tags: Dict[str, str]
409
    managed_by: str
410
    sku: Sku
411
    identity: Identity
412
    properties: ApplicationProperties
413
    plan: Plan
414
    kind: str
415

416
class ApplicationProperties:
417
    """Managed application properties."""
418
    managed_resource_group_id: str
419
    application_definition_id: str
420
    parameters: Any
421
    outputs: Any
422
    provisioning_state: ProvisioningState
423
    billing_details: ApplicationBillingDetailsDefinition
424
    jit_access_policy: ApplicationJitAccessPolicy
425
    publisher_tenant_id: str
426
    authorizations: List[ApplicationAuthorization]
427
    management_mode: ApplicationManagementMode
428
    customer_support: ApplicationPackageContact
429
    support_urls: ApplicationPackageSupportUrls
430
    artifacts: List[ApplicationArtifact]
431
    created_by: ApplicationClientDetails
432
    updated_by: ApplicationClientDetails
433

434
class ApplicationDefinition:
435
    """Application definition model."""
436
    id: str
437
    name: str
438
    type: str
439
    location: str
440
    tags: Dict[str, str]
441
    managed_by: str
442
    sku: Sku
443
    identity: Identity
444
    properties: ApplicationDefinitionProperties
445

446
class ApplicationDefinitionProperties:
447
    """Application definition properties."""
448
    lock_level: ApplicationLockLevel
449
    display_name: str
450
    is_enabled: bool
451
    authorizations: List[ApplicationProviderAuthorization]
452
    artifacts: List[ApplicationDefinitionArtifact]
453
    description: str
454
    package_file_uri: str
455
    main_template: Any
456
    create_ui_definition: Any
457
    notification_policy: ApplicationNotificationPolicy
458
    locking_policy: ApplicationPackageLockingPolicyDefinition
459
    deployment_policy: ApplicationDeploymentPolicy
460
    management_policy: ApplicationManagementPolicy
461
    policies: List[ApplicationPolicy]
462

463
class DataBoundaryDefinition:
464
    """Data boundary definition model."""
465
    id: str
466
    name: str
467
    type: str
468
    properties: DataBoundaryProperties
469

470
class DataBoundaryProperties:
471
    """Data boundary properties."""
472
    data_boundary: DataBoundary
473
    provisioning_state: str
474

475
class UpdateAccessDefinition:
476
    """Update access definition for managed applications."""
477
    operation: str
478
    updates: List[UpdateAccessDefinitionUpdate]
479
```
480

481
## Enums
482

483
```python { .api }
484
class LockLevel(str, Enum):
485
    """Management lock levels."""
486
    NOT_SPECIFIED = "NotSpecified"
487
    CAN_NOT_DELETE = "CanNotDelete"
488
    READ_ONLY = "ReadOnly"
489

490
class ApplicationLockLevel(str, Enum):
491
    """Application lock levels."""
492
    CAN_NOT_DELETE = "CanNotDelete"
493
    READ_ONLY = "ReadOnly"
494
    NONE = "None"
495

496
class ApplicationManagementMode(str, Enum):
497
    """Application management modes."""
498
    NOT_SPECIFIED = "NotSpecified"
499
    UNMANAGED = "Unmanaged"
500
    MANAGED = "Managed"
501

502
class DataBoundary(str, Enum):
503
    """Data boundary types."""
504
    NOT_DEFINED = "NotDefined"
505
    GLOBAL = "Global"
506
    EU = "EU"
507
```
508

509
## Usage Examples
510

511
**Creating Resource Locks:**
512

513
```python
514
from azure.mgmt.resource.locks.models import ManagementLockObject, LockLevel
515

516
# Create a deletion lock on a resource group
517
lock_params = ManagementLockObject(
518
    level=LockLevel.CAN_NOT_DELETE,
519
    notes="Prevent accidental deletion of critical resources"
520
)
521

522
lock = lock_client.management_locks.create_or_update_at_resource_group_level(
523
    resource_group_name="production-rg",
524
    lock_name="deletion-protection",
525
    parameters=lock_params
526
)
527

528
# List all locks in the subscription
529
for lock in lock_client.management_locks.list_at_subscription_level():
530
    print(f"Lock: {lock.name}, Level: {lock.level}, Notes: {lock.notes}")
531
```
532

533
**Managing Resource Links:**
534

535
```python
536
from azure.mgmt.resource.links.models import ResourceLink, ResourceLinkProperties
537

538
# Create a link between two resources
539
link_props = ResourceLinkProperties(
540
    source_id="/subscriptions/{sub}/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/storage1",
541
    target_id="/subscriptions/{sub}/resourceGroups/rg2/providers/Microsoft.Web/sites/webapp1",
542
    notes="Storage account used by web application"
543
)
544

545
link = ResourceLink(properties=link_props)
546

547
created_link = link_client.resource_links.create_or_update(
548
    link_id="/subscriptions/{sub}/resourceGroups/rg1/providers/Microsoft.Resources/links/storage-webapp-link",
549
    parameters=link
550
)
551

552
# List all resource links
553
for link in link_client.resource_links.list_at_subscription():
554
    print(f"Link: {link.name}")
555
    print(f"  Source: {link.properties.source_id}")
556
    print(f"  Target: {link.properties.target_id}")
557
```
558

559
**Working with Managed Applications:**
560

561
```python
562
from azure.mgmt.resource.managedapplications.models import (
563
    Application,
564
    ApplicationProperties,
565
    ApplicationLockLevel
566
)
567

568
# Get managed application details
569
app = app_client.applications.get("my-rg", "my-managed-app")
570
print(f"Application: {app.name}")
571
print(f"Managed RG: {app.properties.managed_resource_group_id}")
572
print(f"Definition: {app.properties.application_definition_id}")
573

574
# List all managed applications
575
for app in app_client.applications.list_by_subscription():
576
    print(f"App: {app.name} in {app.location}")
577
```