A company has a critical Azure SQL Database hosting their ERP system.

To prevent accidental deletion, an administrator applies a 'CanNotDelete' resource lock to the resource group containing the database.

A developer with the 'Owner' RBAC role on the resource group attempts to delete the SQL Database.

What will be the outcome, and why?

Azure Resource Locks (CanNotDelete or ReadOnly) are applied at the control plane level and override any Azure RBAC permissions. Even if a user has the 'Owner' role, they cannot delete a resource protected by a CanNotDelete lock. The user must first explicitly remove the lock (which their Owner role allows them to do) before they can delete the resource. This prevents accidental deletion by highly privileged accounts.