Enable Locks at Database and Collection Level as well to avoid deletion.
We can enable locks at Resource level to make sure Cosmos DB is not deleted. Currently it will still allow the admin to delete the Database and delete the collection under the db. It will be nice to lock the DB and Collection as well. So in Production Environment we can enable these locks to make sure they are not deleted by anyone.
Update on this.
We do currently support this capability, even down to database and container level resources. This capability is available in CLI or PoweShell. To enable this you need to include the full resource URI for the resource to be locked.
Below is a sample for how to enable this using CLI.
Lock a database resource (using MongoDB API as an example).
az lock create —name myDatabaseLock —lock-type CanNotDelete —resource-type Microsoft.DocumentDB/databaseAccounts —parent databaseAccounts/mycosmosaccount —resource mydatabase —resource-group myResourceGroup
Lock a collection level resource (also MongoDB API example).
az lock create —name myCollectionLock —lock-type CanNotDelete —resource-type Microsoft.DocumentDB/databaseAccounts —parent databaseAccounts/mycosmosaccount —resource myDatabase/collections/myCollection —resource-group myResourceGroup
Thank you and hope this is helpful.
Tomas Foltynek commented
Please extend the current "Resource Locks" to cover Databases and Containers within an Azure Cosmos DB account.
As of now you are able to create a Resource Lock (https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources), which prevents the entire Cosmos DB Account from being deleted. But you can still accidentally delete the Databases and Containers in the account.