Updated on 2024-05-22 GMT+08:00

Granting Data Access Control to Users or Projects

Function

This API is used to grant data permissions for a database or data table to a specified user or project.

The user group containing the authorized user must have the Tenant Guest permission in the region to which the user group belongs.

Permissions can only be granted to projects within the same region of the same tenant.

For details about the Tenant Guest permission and how to apply for the permission, see System Permissions and Creating a User Group in Identity and Access Management User Guide.

URI

  • URI format

    PUT /v1.0/{project_id}/authorization

  • Parameter description
    Table 1 URI parameter

    | Parameter | Mandatory | Type | Description |
    |---|---|---|---|
    | project_id | Yes | String | Project ID, which is used for resource isolation. For details about how to obtain its value, see Obtaining a Project ID. |

Request

Table 2 Request parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| user_name | No | String | Name of the user who is granted, revoked, or updated permissions on a database or data table |
| grant_project_id | No | String | ID of the project that is granted permissions to access a database or data table. Once granted, the project administrator will have access to the database or data table. |
| action | Yes | String | Grants, revokes, or updates permissions. grant: Grants permissions. revoke: Revokes permissions. update: Updates permissions. NOTE: Users can perform the update operation only when they have been granted the grant and revoke permissions. |
| privileges | Yes | Array of objects | Granted permissions. For details, see Table 3. |

Table 3 privileges parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| object | Yes | String | Data objects whose permissions are to be granted. If they are named: databases.Database name, all data in the database will be shared; databases.Database name.tables.Table name, data in a specified table will be shared; databases.Database name.tables.Table name.columns.Column name, data in a specified column will be shared; edsconnections.Connection ID, the permission to use an enhanced datasource connection is granted. |
| privileges | Yes | Array of strings | List of permissions to be granted, revoked, or updated. NOTE: If action is set to update and the update list is empty, all of the user's permissions on the database or data table are revoked. |

Response

Table 4 Response parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| is_success | No | Boolean | Whether the request is successfully executed. Value true indicates that the request is successfully executed. |
| message | No | String | System prompt. If the execution succeeds, the message may be left blank. |

Example Request

  • Grant a project (ID: 0732e57c728025922f04c01273686950) the permission to query data in the database db1, delete the data table db1.tbl, and query data in a specified column db1.tbl.column1 of a data table.
    {
      "grant_project_id": "0732e57c728025922f04c01273686950",
      "action": "grant",
      "privileges": [
        {
          "object": "databases.db1.tables.tbl.columns.column1",
          "privileges": ["SELECT"]
        },
        {
          "object": "databases.db1.tables.tbl",
          "privileges": ["DROP_TABLE"]
        },
        {
          "object": "databases.db1",
          "privileges": ["SELECT"]
        }
      ]
    }
  • Grant the data query permission of the dbtest database to the dlitest user.
    {
        "action": "grant",
        "privileges": [
            {
                "object": "databases.dbtest",
                "privileges": [
                    "SELECT"
                ]
            }
        ],
        "user_name": "dlitest"
    }
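
A client-side check for the request body described in Table 2 and Table 3, as an added example (not Huawei Cloud's code): it validates the object name shapes, refuses an update with an empty privilege list unless the caller opts in, and lists database-wide grants for review. The function names, the allow_revoke_all flag, the requirement that a grantee be named, and the rule that name segments contain no dots or spaces are assumptions of this example.

```python
import re

# Object name shapes from Table 3. Assumption: name segments contain no dots or spaces.
_SEG = r"[^.\s]+"
OBJECT_RE = re.compile(
    rf"^(?:databases\.{_SEG}(?:\.tables\.{_SEG}(?:\.columns\.{_SEG})?)?"
    rf"|edsconnections\.{_SEG})$")
ACTIONS = ("grant", "revoke", "update")


def object_scope(obj):
    """Classify an object string as database, table, column or connection."""
    if not OBJECT_RE.match(obj):
        raise ValueError(f"unrecognised object name: {obj!r}")
    if obj.startswith("edsconnections."):
        return "connection"
    return {2: "database", 4: "table", 6: "column"}[len(obj.split("."))]


def build_body(action, privileges, user_name=None, grant_project_id=None,
               allow_revoke_all=False):
    """Validate and return the JSON body for PUT /v1.0/{project_id}/authorization."""
    if action not in ACTIONS:
        raise ValueError(f"action must be one of {ACTIONS}")
    if not (user_name or grant_project_id):
        # Assumption: some grantee is needed, although Table 2 marks both optional.
        raise ValueError("set user_name or grant_project_id")
    for entry in privileges:
        object_scope(entry["object"])  # rejects malformed object names
        if entry["privileges"]:
            continue
        if action != "update":
            # Assumption: an empty list on grant or revoke is a caller mistake.
            raise ValueError(f"no privileges listed for {entry['object']}")
        if not allow_revoke_all:
            # NOTE on this page: update with an empty list revokes everything.
            raise ValueError(f"update would revoke all permissions on {entry['object']}")
    body = {"action": action, "privileges": privileges}
    for key, value in (("user_name", user_name), ("grant_project_id", grant_project_id)):
        if value:
            body[key] = value
    return body


def database_wide_grants(body):
    """List objects in a grant or update that share a whole database, for review."""
    return [e["object"] for e in body["privileges"]
            if body["action"] != "revoke" and object_scope(e["object"]) == "database"]
```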

Example Response

{
  "is_success": true,
  "message": "" 
}

Status Codes

Table 5 describes the status codes.

Table 5 Status codes

| Status Code | Description |
|---|---|
| 200 | Authorization succeeds. |
| 400 | Request error. |
| 500 | Internal server error. |

Error Codes

If an error occurs when this API is invoked, the system does not return a result similar to the preceding example, but returns an error code and error information. For details, see Error Codes.