Granting Data Access Control to Users or Projects
Function
This API is used to grant data permissions for a database or data table to a specified user or project.
The user group containing the authorized user must have the Tenant Guest permission in the region where the user group belongs.
Permissions can only be granted to projects within the same region of the same tenant.
For details about the Tenant Guest permission and how to apply for the permission, see System Permissions and Creating a User Group in Identity and Access Management User Guide.
URI
- URI format
- Parameter description
Table 1 URI parameter

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | Definition: Project ID, which is used for resource isolation. For details about how to obtain its value, see Obtaining a Project ID. Constraints: None. Range: The value can contain up to 64 characters. Only letters and digits are allowed. Default Value: None. |
Request Parameters
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| user_name | No | String | Definition: Name of the user who is granted, revoked, or updated permissions on a database or data table. Constraints: None. Range: The value can contain up to 256 characters. Default Value: None. |
| projectId | No | String | Definition: ID of the project that is granted permissions to access a database or data table. Once granted, the project administrator will have access to the database or data table. Constraints: None. Range: None. Default Value: None. |
| action | Yes | String | Definition: Grants, revokes, or updates permissions. Constraints: Users can perform the update operation only when they have been granted the grant and revoke permissions. Range: None. Default Value: None. |
| privileges | Yes | Array of objects | Definition: Granted permissions. For details, see Table 3. Constraints: None. Range: None. Default Value: None. |
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| object | Yes | String | Definition: Data object to which permissions are granted. Constraints: The naming method is as follows: Range: None. Default Value: None. |
| privileges | Yes | Array of strings | Definition: List of permissions to be granted, revoked, or updated. Constraints: If action is set to update and the update list is empty, all of the user's permissions on the database or data table are revoked. Range: None. Default Value: None. |
Response Parameters
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| is_success | No | Boolean | Definition: Whether the request is successfully executed. Constraints: N/A. Range: Default Value: N/A. |
| message | No | String | Definition: System prompt. If the execution succeeds, this parameter may be left blank. Constraints: None. Range: None. Default Value: None. |
Example Request
- Grant a project (ID: 0732e57c728025922f04c01273686950) the permission to query data in the database db1, delete the data table db1.tbl, and query data in a specified column db1.tbl.column1 of a data table.
  ```json
  {
    "projectId": "0732e57c728025922f04c01273686950",
    "action": "grant",
    "privileges": [
      {
        "object": "databases.db1.tables.tb2.columns.column1",
        "privileges": ["SELECT"]
      },
      {
        "object": "databases.db1.tables.tbl",
        "privileges": ["DROP_TABLE"]
      },
      {
        "object": "databases.db1",
        "privileges": ["SELECT"]
      }
    ]
  }
  ```
- Grant the data query permission of the dbtest database to the dlitest user.
  ```json
  {
    "action": "grant",
    "privileges": [
      {
        "object": "databases.dbtest",
        "privileges": ["SELECT"]
      }
    ],
    "user_name": "dlitest"
  }
  ```
Example Response
```json
{
  "is_success": true,
  "message": ""
}
```
Status Codes
Table 5 describes the status codes.
Error Codes
If an error occurs when this API is invoked, the system does not return a result similar to the preceding example. Instead, it returns an error code and error information. For details, see Error Codes.
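A pre-flight review of request bodies for this API, as an added example (not part of the original documentation or of any SDK for the service). It applies the limits stated in the request parameter tables and flags the two cases the page calls out as widening or removing access: a project grant, and an update with an empty list. The function name `review_grant_request`, the set of action values, the object-path pattern (inferred from the example requests) and the "at least one grantee" rule are assumptions.

```python
import re

# Assumed from the page's wording; the page does not list the allowed values.
ACTIONS = {"grant", "revoke", "update"}
# Assumed object-path shape, inferred from the page's example requests.
OBJECT_RE = re.compile(r"^databases\.\w+(\.tables\.\w+(\.columns\.\w+)?)?$")


def review_grant_request(body):
    """Return (errors, warnings) for a permission request body (a dict)."""
    errors, warnings = [], []
    action = body.get("action")
    if action not in ACTIONS:
        errors.append(f"action must be one of {sorted(ACTIONS)}")
    user, project = body.get("user_name"), body.get("projectId")
    if not user and not project:
        # Local policy (assumption): both fields are optional in the API.
        errors.append("no grantee: set user_name or projectId")
    if user and len(user) > 256:
        errors.append("user_name exceeds 256 characters")
    if project:
        # Page: once granted, the project administrator has access.
        warnings.append(f"project grant: administrator of {project} gains access")
    entries = body.get("privileges")
    if not isinstance(entries, list) or not entries:
        errors.append("privileges must be a non-empty array of objects")
        entries = []
    for entry in entries:
        obj, privs = entry.get("object", ""), entry.get("privileges")
        if not OBJECT_RE.match(obj):
            errors.append(f"unexpected object path: {obj!r}")
        if not isinstance(privs, list):
            errors.append(f"{obj}: privileges must be an array of strings")
        elif not privs and action == "update":
            # Page: an empty update list revokes every permission on the object.
            warnings.append(f"{obj}: empty update list revokes ALL permissions")
        elif not privs:
            errors.append(f"{obj}: empty privilege list")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample: an update whose list was accidentally left empty.
    risky = {"action": "update", "user_name": "dlitest",
             "privileges": [{"object": "databases.dbtest", "privileges": []}]}
    print(review_grant_request(risky))
```

Running the review in a change pipeline before the request is sent gives a reviewer the chance to confirm that a full revoke or a project-wide grant is intended.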