Updated on 2024-06-07 GMT+08:00

Granting Read or Write Permissions to a Database Account

Function

This API is used to grant read or write permissions to a database account in a specified DB instance.

  • Before calling an API, you need to understand the API in Authentication.

Constraints

  • This operation cannot be performed when the DB instance is in any of the following statuses: creating, changing instance class, changing port, frozen, or abnormal.
  • By default, read-only users have the create and usage permissions on the public schema.

URI

  • URI format

    POST /v3/{project_id}/instances/{instance_id}/db_privilege

  • Parameter description
    Table 1 Parameter description

    Name

    Mandatory

    Description

    project_id

    Yes

    Project ID of a tenant in a region.

    For details about how to obtain the project ID, see Obtaining a Project ID.

    instance_id

    Yes

    Specifies the DB instance ID.

Request

Table 2 Parameter description

Name

Mandatory

Type

Description

db_name

Yes

String

Database name.

The database name contains 1 to 63 characters, including letters, digits, and underscores (_). It cannot start with pg or a digit, and must be different from RDS for PostgreSQL template library names.

RDS for PostgreSQL template libraries include postgres, template0, and template1.

users

Yes

Array of objects

Database accounts. Each element is a database account. A single request supports a maximum of 50 elements.

For details on the element structure, see Table 3.

Table 3 users field data structure description

Name

Mandatory

Type

Description

name

Yes

String

Specifies the username of the database account.

The database account name contains 1 to 63 characters, including letters, digits, and underscores (_). It cannot start with pg or a digit and must be different from system user names.

System users include rdsAdmin, rdsMetric, rdsBackup, rdsRepl, rdsProxy, and rdsDdm.

readonly

Yes

Boolean

Specifies the database account permissions.

  • true: read-only
  • false: read and write

schema_name

Yes

String

Specifies the schema name.

The value cannot be empty and contains 1 to 63 characters, including letters, digits, and underscores (_). It cannot start with pg or a digit, and must be different from RDS for PostgreSQL template library names and existing schema names. This parameter is mandatory.

RDS for PostgreSQL template libraries include postgres, template0, and template1.

Example Request

Grant read and write permissions to rds and rds002, and read-only permissions to rds001.
POST https://{endpoint}/v3/0483b6b16e954cb88930a360d2c4e663/instances/f569f1358436479dbcba8603c32cc4aein03/db_privilege

{"db_name": "rds_test",
    "users": [
        {
            "name": "rds",
            "readonly": false,
            "schema_name": "teste123"
        },
        {
            "name": "rds001",
            "readonly": true,
            "schema_name": "teste123"
        },
       {
            "name": "rds002",
            "readonly": false,
            "schema_name": "teste123"
        }
    ]
 }

Response

  • Normal response
    Table 4 Parameter description

    Name

    Type

    Description

    resp

    String

    Returns successful if the invoking is successful.

Status Code

Error Code

For details, see Error Codes.