improve resource locks

Author: undergroundwires

AZ-900 Microsoft Azure Fundamentals/2.6. Azure Resource Manager (Resources & Resource Groups & Management Groups).md

@@ -38,13 +38,15 @@
 
 - 📝 Blocks modification (**Read-only**) or deletion (**Delete**) of the resource.
   - For more granular control of what can be deployed e.g. see [Azure policies](./5.1.%20Azure%20Policy%20&%20Azure%20Blueprints.md#azure-policy)
-- Read-only allows only HTTP GET requests.
-  - ❗Can lead to unexpected results e.g. listing all objects in a storage account requires POST request is denied.
+- Read-only allows only `HTTP GET` requests
+  - ❗ Can lead to unexpected results e.g. listing all objects in a storage account requires `POST` request is denied
 - 📝 You must remove the lock in order to perform forbidden activity.
-- Apply regardless of RBAC permissions.
-- 📝 Protects against accidental deletion.
-- 💡Use to protect key resources that could have a large impact if they were removed or modified.
-  - E.g. ExpressRoute circuits, and virtual networks, critical databases, and domain controllers. Evaluate
+- Apply regardless of RBAC permissions
+- 📝 Protects against accidental deletion
+- 💡 Use to protect key resources that could have a large impact if they were removed or modified
+  - E.g. ExpressRoute circuits, virtual networks, critical databases, and domain controllers
+- Only "Owner" and "User Access Administrator" can create/delete locks
+  - It requires access to `Microsoft.Authorization/locks/*`
 
 ## Azure Resource Group