Updated on 2026-06-22 GMT+08:00

Creating a Database User or Role

Function

This API is used to create a database user or role.

Calling Method

For details, see Calling APIs.

URI

POST /v1/{project_id}/clusters/{cluster_id}/db-manager/users

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Definition

Project ID. To obtain the value, see Obtaining a Project ID.

Constraints

N/A

Range

N/A

Default Value

N/A

cluster_id

Yes

String

Definition

Cluster ID. For details about how to obtain the value, see Obtaining the Cluster ID.

Constraints

N/A

Range

N/A

Default Value

N/A

Request Parameters

Table 2 Request body parameters

Parameter

Mandatory

Type

Description

name

Yes

String

Definition

Username or role name.

Constraints

N/A

Range

N/A

Default Value

N/A

type

Yes

String

Definition

Type.

Constraints

N/A

Range

user: database user.

role: database role.

Default Value

N/A

login

No

Boolean

Definition

Type.

Constraints

N/A

Range

N/A

Default Value

false

password

No

String

Definition

Password.

Constraints

N/A

Range

N/A

Default Value

N/A

system_admin

No

Boolean

Definition

Whether the user is a system administrator.

Constraints

N/A

Range

N/A

Default Value

N/A

logical_cluster

No

String

Definition

Name of the associated logical cluster.

Constraints

N/A

Range

N/A

Default Value

N/A

password_disable

No

Boolean

Definition

Whether password login is allowed.

Constraints

N/A

Range

  • true: Password login is allowed.

  • false: Password login is not allowed.

Default Value

false

create_role

No

Boolean

Definition

Whether to allow role creation.

Constraints

N/A

Range

N/A

Default Value

false

create_db

No

Boolean

Definition

Whether to allow database creation.

Constraints

N/A

Range

N/A

Default Value

false

inherit

No

Boolean

Definition

Whether the permission can be inherited.

Constraints

N/A

Range

N/A

Default Value

false

conn_limit

No

Integer

Definition

Maximum number of connections.

Constraints

N/A

Range

N/A

Default Value

N/A

grant_members

No

Array of strings

Definition

Authorization object information.

Constraints

N/A

Range

N/A

Default Value

N/A

grant_list

No

Array of GrantAuthority objects

Definition

List of granted permissions.

Constraints

N/A

Range

N/A

Default Value

N/A

desc

No

String

Definition

Description.

Constraints

N/A

Range

N/A

Default Value

N/A

Table 3 GrantAuthority

Parameter

Mandatory

Type

Description

type

No

String

Definition

Permission type.

Range

N/A

database

No

String

Definition

Database name.

Range

N/A

schema

No

String

Definition

Schema name.

Range

N/A

obj_name

No

String

Definition

Object name.

Range

N/A

all_object

No

Boolean

Definition

Whether the permission applies for all objects.

Range

N/A

future

No

Boolean

Definition

Whether the permission applies for future objects.

Range

N/A

future_object_owners

No

String

Definition

Future object - owner.

Range

N/A

column_name

No

Array of strings

Definition

Column name.

Range

N/A

privileges

No

Array of Grant objects

Definition

Permission.

Range

N/A

Table 4 Grant

Parameter

Mandatory

Type

Description

permission

Yes

String

Definition

Permission name. The permission varies depending on the database object type.

Range

  • For database: CREATE | CONNECT | TEMPORARY | TEMP ALL PRIVILEGES

  • For schemas: CREATE, USAGE, ALTER, or DROP ALL PRIVILEGES

  • For tables: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, ANALYZE, ANALYSE, VACUUM, ALTER, or DROP ALL PRIVILEGES

  • For views: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, ANALYZE, ANALYSE, VACUUM, ALTER, or DROP ALL PRIVILEGES

  • For columns: SELECT, INSERT, UPDATE, or REFERENCES ALL PRIVILEGES

  • For functions: EXECUTE ALL PRIVILEGES

  • For sequences: SELECT, UPDATE, or USAGE ALL PRIVILEGES

  • For node groups: CREATE, USAGE, or COMPUTE ALL PRIVILEGES

  • For roles: If role_name is specified, all the permissions of this role are given to a user.

grant_with

Yes

Boolean

Definition

Whether a permission is included in the grant options.

Range

N/A

Response Parameters

Status code: 200

Request submitted.

None

Example Requests

Create a database user. The username is user1 and the password is subject to the actual situation.

POST https://{Endpoint}/v1/05f2cff45100d5112f4bc00b794ea08e/clusters/cc6588d6-8301-4c9a-b0c0-186bb824e8c0/db-manager/users

{
  "name" : "user1",
  "type" : "user",
  "login" : true,
  "password" : "*****",
  "system_admin" : false,
  "logical_cluster" : "v3_logical",
  "password_disable" : false,
  "create_role" : false,
  "create_db" : false,
  "inherit" : true,
  "conn_limit" : -1,
  "grant_members" : [ ],
  "grant_list" : [ ],
  "desc" : ""
}

Example Responses

Status code: 200

Request submitted.

{ }

SDK Sample Code

The SDK sample code is as follows.

Create a database user. The username is user1 and the password is subject to the actual situation.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.dws.v2.region.DwsRegion;
import com.huaweicloud.sdk.dws.v2.*;
import com.huaweicloud.sdk.dws.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateDatabaseUserSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        DwsClient client = DwsClient.newBuilder()
                .withCredential(auth)
                .withRegion(DwsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateDatabaseUserRequest request = new CreateDatabaseUserRequest();
        request.withClusterId("{cluster_id}");
        UserAuthorityReq body = new UserAuthorityReq();
        body.withDesc("");
        body.withConnLimit(-1);
        body.withInherit(true);
        body.withCreateDb(false);
        body.withCreateRole(false);
        body.withPasswordDisable(false);
        body.withLogicalCluster("v3_logical");
        body.withSystemAdmin(false);
        body.withPassword("*****");
        body.withLogin(true);
        body.withType("user");
        body.withName("user1");
        request.withBody(body);
        try {
            CreateDatabaseUserResponse response = client.createDatabaseUser(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

Create a database user. The username is user1 and the password is subject to the actual situation.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkdws.v2.region.dws_region import DwsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkdws.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = DwsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(DwsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateDatabaseUserRequest()
        request.cluster_id = "{cluster_id}"
        request.body = UserAuthorityReq(
            desc="",
            conn_limit=-1,
            inherit=True,
            create_db=False,
            create_role=False,
            password_disable=False,
            logical_cluster="v3_logical",
            system_admin=False,
            password="*****",
            login=True,
            type="user",
            name="user1"
        )
        response = client.create_database_user(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

Create a database user. The username is user1 and the password is subject to the actual situation.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    dws "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/dws/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/dws/v2/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/dws/v2/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := dws.NewDwsClient(
        dws.DwsClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.CreateDatabaseUserRequest{}
	request.ClusterId = "{cluster_id}"
	descUserAuthorityReq:= ""
	connLimitUserAuthorityReq:= int32(-1)
	inheritUserAuthorityReq:= true
	createDbUserAuthorityReq:= false
	createRoleUserAuthorityReq:= false
	passwordDisableUserAuthorityReq:= false
	logicalClusterUserAuthorityReq:= "v3_logical"
	systemAdminUserAuthorityReq:= false
	passwordUserAuthorityReq:= "*****"
	loginUserAuthorityReq:= true
	request.Body = &model.UserAuthorityReq{
		Desc: &descUserAuthorityReq,
		ConnLimit: &connLimitUserAuthorityReq,
		Inherit: &inheritUserAuthorityReq,
		CreateDb: &createDbUserAuthorityReq,
		CreateRole: &createRoleUserAuthorityReq,
		PasswordDisable: &passwordDisableUserAuthorityReq,
		LogicalCluster: &logicalClusterUserAuthorityReq,
		SystemAdmin: &systemAdminUserAuthorityReq,
		Password: &passwordUserAuthorityReq,
		Login: &loginUserAuthorityReq,
		Type: "user",
		Name: "user1",
	}
	response, err := client.CreateDatabaseUser(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code

Description

200

Request submitted.

400

Request error.

401

Authentication failed.

403

You do not have required permissions.

417

Internal server error.

500

Internal server error.