Updated on 2025-08-20 GMT+08:00

Granting Read or Write Permissions to a Database Account

Function

This API is used to grant read or write permissions to a database account in a specified DB instance.

Constraints

  • This operation cannot be performed when the DB instance is in any of the following statuses: creating, changing instance class, changing port, frozen, or abnormal.
  • By default, read-only users have the create and usage permissions on the public schema.

URI

  • URI format

    POST /v3/{project_id}/instances/{instance_id}/db_privilege

  • Parameter description
    Table 1 Parameters

    Parameter

    Mandatory

    Description

    project_id

    Yes

    Definition

    Project ID of a tenant in a region.

    To obtain the value, see Obtaining a Project ID.

    Constraints

    N/A

    Range

    N/A

    Default Value

    N/A

    instance_id

    Yes

    Definition

    Instance ID.

    Constraints

    N/A

    Range

    N/A

    Default Value

    N/A

Request

Table 2 Parameters

Parameter

Mandatory

Type

Description

db_name

Yes

String

Definition

Database name.

Constraints

N/A

Range

The database name can contain 1 to 63 characters. Only letters, digits, and underscores (_) are allowed. It cannot start with pg or a digit and cannot be the same as RDS for PostgreSQL template database names.

RDS for PostgreSQL template databases include postgres, template0, and template1.

Default Value

N/A

users

Yes

Array of objects

Definition

Database accounts. Each element is a database account. A single request supports a maximum of 50 elements.

For details on the element structure, see Table 3.

Constraints

N/A

Table 3 users field data structure description

Parameter

Mandatory

Type

Description

name

Yes

String

Definition

Specifies the username of the database account.

Constraints

N/A

Range

The database account name contains 1 to 63 characters, including letters, digits, and underscores (_). It cannot start with pg or a digit and must be different from system user names.

System users include rdsAdmin, rdsMetric, rdsBackup, rdsRepl, rdsProxy, and rdsDdm.

Default Value

N/A

readonly

Yes

Boolean

Definition

Specifies the database account permissions.

Constraints

N/A

Range

  • true: read-only
  • false: read and write

Default Value

N/A

schema_name

Yes

String

Definition

Specifies the schema name.

Constraints

N/A

Range

The value cannot be empty and contains 1 to 63 characters, including letters, digits, and underscores (_). It cannot start with pg or a digit, and must be different from RDS for PostgreSQL template database names and existing schema names. This parameter is mandatory.

RDS for PostgreSQL template databases include postgres, template0, and template1.

Default Value

N/A

Example Request

Grant read and write permissions to rds and rds002, and read-only permissions to rds001.
POST https://{endpoint}/v3/0483b6b16e954cb88930a360d2c4e663/instances/f569f1358436479dbcba8603c32cc4aein03/db_privilege

{"db_name": "rds_test",
    "users": [
        {
            "name": "rds",
            "readonly": false,
            "schema_name": "teste123"
        },
        {
            "name": "rds001",
            "readonly": true,
            "schema_name": "teste123"
        },
       {
            "name": "rds002",
            "readonly": false,
            "schema_name": "teste123"
        }
    ]
 }

Response

  • Normal response
    Table 4 Parameters

    Parameter

    Type

    Description

    resp

    String

    Definition

    Calling result.

    Range

    Returns successful if the calling is successful.

Status Code

Error Code

For details, see Error Codes.