Granting Data Access Control to Users or Projects
Function
This API is used to grant data permissions for a database or data table to a specified user or project.
The user group containing the authorized user must have the Tenant Guest permission in the region where the user group belongs.
Permissions can only be granted to projects within the same region of the same tenant.
For details about the Tenant Guest permission and how to apply for it, see System Permissions and Creating a User Group in the Identity and Access Management User Guide.
URI
- URI format
- Parameter description
Table 1 URI parameter

Parameter | Mandatory | Type | Description |
---|---|---|---|
project_id | Yes | String | Project ID, which is used for resource isolation. For details about how to obtain its value, see Obtaining a Project ID. |
Request
Parameter | Mandatory | Type | Description |
---|---|---|---|
user_name | No | String | Name of the user whose permissions on a database or data table are granted, revoked, or updated |
grant_project_id | No | String | ID of the project that is granted permissions to access a database or data table. Once granted, the project administrator will have access to the database or data table. |
action | Yes | String | Grants, revokes, or updates permissions. NOTE: Users can perform the update operation only when they have been granted the grant and revoke permissions. |
privileges | Yes | Array of objects | Granted permissions. For details, see Table 3. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
object | Yes | String | Data objects whose permissions are to be granted. If they are named: |
privileges | Yes | Array of strings | List of permissions to be granted, revoked, or updated. NOTE: If action is set to update and the update list is empty, all of the user's permissions on the database or data table are revoked. |
Response
Parameter | Mandatory | Type | Description |
---|---|---|---|
is_success | No | Boolean | Whether the request is successfully executed. Value true indicates that the request is successfully executed. |
message | No | String | System prompt. If the execution succeeds, the message may be left blank. |
Example Request
- Grant a project (ID: 0732e57c728025922f04c01273686950) the permission to query data in the database db1, delete the data table db1.tbl, and query data in a specified column db1.tbl.column1 of a data table.
    {
      "grant_project_id": "0732e57c728025922f04c01273686950",
      "action": "grant",
      "privileges": [
        {
          "object": "databases.db1.tables.tb2.columns.column1",
          "privileges": ["SELECT"]
        },
        {
          "object": "databases.db1.tables.tbl",
          "privileges": ["DROP_TABLE"]
        },
        {
          "object": "databases.db1",
          "privileges": ["SELECT"]
        }
      ]
    }
- Grant the data query permission of the dbtest database to the dlitest user.
    {
      "action": "grant",
      "privileges": [
        {
          "object": "databases.dbtest",
          "privileges": ["SELECT"]
        }
      ],
      "user_name": "dlitest"
    }
Example Response
{ "is_success": true, "message": "" }
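The request fields and the NOTE on empty update lists can be checked before a body is submitted. The following is an added example, not part of this documentation or of any SDK: `review_grant_request`, its allow-list, the object-path pattern, the `revoke` literal and the rule that a grantee must be named are assumptions, and the sample bodies are constructed from the example requests on this page.

```python
import re

# Object path shape inferred from this page's example requests (assumption):
# databases.<db>[.tables.<table>[.columns.<column>]]
OBJECT_RE = re.compile(r"^databases\.\w+(\.tables\.\w+(\.columns\.\w+)?)?$")
ACTIONS = {"grant", "revoke", "update"}  # the "revoke" literal is assumed

def review_grant_request(body, allowed=frozenset({"SELECT"})):
    """Hypothetical pre-submission check; returns findings, [] means no objection."""
    findings = []
    action, entries = body.get("action"), body.get("privileges")
    if action not in ACTIONS:
        findings.append(f"action {action!r} is missing or unknown")
    if not isinstance(entries, list):
        findings.append("privileges is mandatory and must be an array")
        entries = []
    # Both grantee fields are optional in the table; requiring one is an assumption.
    if not body.get("user_name") and not body.get("grant_project_id"):
        findings.append("no grantee: set user_name or grant_project_id")
    if body.get("grant_project_id") and action == "grant":
        findings.append("project grant: the project administrator gains access")
    for entry in entries:
        obj, privs = entry.get("object", ""), entry.get("privileges")
        if not OBJECT_RE.match(obj):
            findings.append(f"unexpected object path {obj!r}")
        if not isinstance(privs, list):
            findings.append(f"{obj}: privileges must be an array of strings")
        elif action == "update" and not privs:
            findings.append(f"{obj}: empty update list revokes ALL permissions")
        elif action in ("grant", "update"):
            extra = sorted(set(privs) - allowed)
            if extra:
                findings.append(f"{obj}: outside allow-list: {', '.join(extra)}")
    return findings

# Constructed sample bodies modelled on the example requests above.
USER_GRANT = {"action": "grant", "user_name": "dlitest", "privileges": [
    {"object": "databases.dbtest", "privileges": ["SELECT"]}]}
PROJECT_GRANT = {"action": "grant",
                 "grant_project_id": "0732e57c728025922f04c01273686950",
                 "privileges": [
    {"object": "databases.db1.tables.tbl", "privileges": ["DROP_TABLE"]},
    {"object": "databases.db1", "privileges": ["SELECT"]}]}
WIPE_UPDATE = {"action": "update", "user_name": "dlitest", "privileges": [
    {"object": "databases.dbtest", "privileges": []}]}

if __name__ == "__main__":
    for name in ("USER_GRANT", "PROJECT_GRANT", "WIPE_UPDATE"):
        print(name, review_grant_request(globals()[name]))
```

The allow-list is the reviewer's own policy; pass a wider set to `allowed` where privileges such as DROP_TABLE are intended.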
Status Codes
Table 5 describes the status codes.
Error Codes
If an error occurs when this API is invoked, the system does not return a result similar to the preceding example. Instead, it returns an error code and error information. For details, see Error Codes.