Updated on 2025-10-20 GMT+08:00

Deleting a Client Access Authentication Configuration

Function

This API is used to delete the client access authentication configuration of an instance. Before calling this API:

Constraints

Currently, client access authentication cannot be synchronized within a DR relationship. If a DR relationship has been established between two instances, you are advised to perform the same configuration on the peer instance.

Debugging

You can debug this API in API Explorer.

URI

DELETE /v3/{project_id}/instances/{instance_id}/hba-info

Table 1 Parameter description

project_id
  Mandatory: Yes
  Definition: Project ID of a tenant in a region. To obtain the value, see Obtaining a Project ID.
  Constraints: N/A
  Range: The value can contain 32 characters. Only letters and digits are allowed.
  Default Value: N/A

instance_id
  Mandatory: Yes
  Definition: Instance ID, which uniquely identifies an instance.
  Constraints: N/A
  Range: The value can contain 36 characters. Only letters and digits are allowed.
  Default Value: N/A

Request Parameters

Table 2 Request header parameters

X-Auth-Token
  Mandatory: Yes
  Type: String
  Definition: User token. You can obtain the token by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the token value.
  Constraints: N/A
  Range: N/A
  Default Value: N/A

X-Language
  Mandatory: No
  Type: String
  Definition: Language.
  Constraints: N/A
  Range:
    • zh-cn
    • en-us
  Default Value: en-us

Table 3 Parameter description

hba_confs
  Mandatory: Yes
  Type: Array of objects
  Definition: Client access configuration information to be deleted. For details, see Table 4.
  Constraints: N/A

Table 4 Data structure description of the hba_confs field

type
  Mandatory: Yes
  Type: String
  Definition: Client connection type.
  Constraints: N/A
  Range:
    • host: The record accepts either a common TCP/IP-socket connection or a TCP/IP-socket connection encrypted through SSL.
    • hostssl: The record accepts only a TCP/IP socket connection encrypted through SSL.
    • hostnossl: The record accepts only a common TCP/IP socket connection.
  Default Value: N/A

database
  Mandatory: Yes
  Type: String
  Definition: Database that a record matches and can access. In the multi-tenancy scenario, this parameter specifies the PDB that a record matches and can access.
  Constraints: N/A
  Range:
    • all: The record matches all databases.
    • A specific database name or a list of databases separated by commas (,)
      NOTE:
      • replication: If a replication connection is requested, the record matches the connection. But this does not mean that the record matches any specific database. To use a database named replication, specify it in the database column.
      • In a multi-tenant database, the value replication_pdb1 indicates that if a replication connection named pdb1 is requested, the matching is successful. The value replication takes effect only for non-PDBs.
      • The PDB replication connection takes effect in replication_[pdbname] mode. pdbname indicates the name of the created PDB.
      • To use a database named replication_pdb1, specify it in the database column.
  Default Value: N/A

user
  Mandatory: Yes
  Type: String
  Definition: Users who match the record and are allowed to access databases.
  Constraints: System users are not supported.
  Range:
    • all: The record matches all users.
    • A specific database username or a list of users separated by commas (,)
  Default Value: N/A

address
  Mandatory: Yes
  Type: String
  Definition: Range of IP addresses that match the record and can be accessed.
  Constraints:
    • Currently, only the IP address/mask length format is supported.
    • If the DB engine version is V2.0-8.1.0 or later, IPv6 addresses can be configured for address.
  Range: IPv4 and IPv6 addresses are supported. The IP address range can be expressed in the following format:
    IP-address/mask-length
    Example: 10.10.0.0/24 or 2001:250:250:250:250:250:250:175/128.
  Default Value: N/A

method
  Mandatory: Yes
  Type: String
  Definition: Authentication mode used for connection.
  Constraints: N/A
  Range: User APIs support the following authentication modes:
    • reject: A connection is rejected unconditionally. It is often used to filter certain hosts.
    • md5: MD5 has lower security and poses security risks. Therefore, you are advised to use a more secure cryptographic algorithm. md5 is not supported by default. You can configure the password_encryption_type parameter.
    • sha256: The client is required to provide a SHA256-encrypted password for authentication. The password is encrypted based on the unidirectional SHA-256 of salt (a random number sent from the server to the client) when being transmitted, enhancing the security.
    • sm3: The client is required to provide an SM3-encrypted password for authentication. The password is encrypted based on the one-way SM3 of salt (a random number sent from the server to the client) when being transmitted, enhancing the security.
    • cert: A client certificate is used for authentication. In this mode, the SSL connection must be configured and the client must provide a valid SSL certificate. The user password is not required. The cert authentication mode supports only the hostssl client connection type.
  Default Value: N/A

Response Parameters

None

Example Request

Deleting a client access authentication configuration

DELETE https://gaussdb-opengauss.ap-southeast-1.myhuaweicloud.com/v3/0483b6b16e954cb88930a360d2c4e663/instances/{instance_id}/hba-info
{
    "hba_confs":[
        {
            "type":"host",
            "database":"all",
            "user":"root",
            "address":"0.0.1.1/24",
            "method":"sha256"
        }
    ]
}
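
As an added example (not part of the Huawei Cloud documentation or SDK), the following Python code checks each hba_confs entry against the ranges and constraints in Table 4 before building the DELETE request shown above. The function names, the Content-Type header and any endpoint or token passed in are assumptions; the request is built but never sent.

```python
import ipaddress
import json
import urllib.request

# Allowed values copied from Table 4 of this page.
TYPES = {"host", "hostssl", "hostnossl"}
METHODS = {"reject", "md5", "sha256", "sm3", "cert"}
FIELDS = ("type", "database", "user", "address", "method")


def validate_hba_conf(conf):
    """Return a list of problems with one hba_confs entry (empty means valid)."""
    errors = [f"missing mandatory field: {f}" for f in FIELDS if not conf.get(f)]
    if errors:
        return errors
    if conf["type"] not in TYPES:
        errors.append(f"type must be one of {sorted(TYPES)}")
    if conf["method"] not in METHODS:
        errors.append(f"method must be one of {sorted(METHODS)}")
    if conf["method"] == "cert" and conf["type"] != "hostssl":
        errors.append("cert is only supported with the hostssl connection type")
    _, sep, mask = conf["address"].partition("/")
    try:
        # Only IP-address/mask-length is documented, so refuse dotted netmasks.
        if not sep or not mask.isdigit():
            raise ValueError(conf["address"])
        # strict=False: the page's own example (0.0.1.1/24) has host bits set.
        ipaddress.ip_network(conf["address"], strict=False)
    except ValueError:
        errors.append("address must be IP-address/mask-length")
    return errors


def build_delete_request(endpoint, project_id, instance_id, token, hba_confs):
    """Build, without sending, the DELETE .../hba-info request for valid entries."""
    bad = {i: e for i, c in enumerate(hba_confs) if (e := validate_hba_conf(c))}
    if bad:
        raise ValueError(f"invalid hba_confs entries: {bad}")
    url = f"{endpoint}/v3/{project_id}/instances/{instance_id}/hba-info"
    body = json.dumps({"hba_confs": hba_confs}).encode()
    # Content-Type is an assumption; the page lists only X-Auth-Token and X-Language.
    headers = {"X-Auth-Token": token, "Content-Type": "application/json"}
    return urllib.request.Request(url, data=body, headers=headers, method="DELETE")


# Constructed sample entry, matching the page's example request body.
SAMPLE = {"type": "host", "database": "all", "user": "root",
          "address": "0.0.1.1/24", "method": "sha256"}
```

Pass the returned object to urllib.request.urlopen to send it, and keep the X-Auth-Token value out of logs and error messages.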

Example Response

None

Status Codes

Error Codes

For details, see Error Codes.