Updated on 2022-12-07 GMT+08:00

Granting Data Permission to Users

Function

This API is used to grant database or table data usage permission to specified users.

URI

  • URI format

    PUT /v1.0/{project_id}/user-authorization

  • Parameter description
    Table 1 URI parameter

    Parameter

    Mandatory

    Type

    Description

    project_id

    Yes

    String

    Project ID, which is used for resource isolation. For details about how to obtain its value, see Obtaining a Project ID.

Request

Table 2 Request parameters

Parameter

Mandatory

Type

Description

user_name

Yes

String

Name of the user who is granted with usage permission on a queue or whose queue usage permission is revoked or updated.

action

Yes

String

Grants or revokes the permission. The parameter value can be grant, revoke, or update.

  • grant: Indicates to grant users with permissions.
  • revoke: Indicates to revoke permissions.
  • update: Indicates to clear all the original permissions and assign the permissions in the provided permission array.
NOTE:

Users can perform the update operation only when they have been granted with the grant and revoke permissions.

privileges

Yes

Array of Objects

Permission granting information. For details, see Table 3.

Table 3 privileges parameters

Parameter

Mandatory

Type

Description

object

Yes

String

Data objects to be assigned. If they are named:

  • databases.Database name, data in the entire database will be shared.
  • databases.Database name.tables.Table name, data in the specified table will be shared.
  • databases.Database name.tables.Table name.columns.Column name, data in the specified column will be shared.
  • jobs.flink.Flink job ID, data the specified job will be shared.
  • groups. Package group name, data in the specified package group will be shared.
  • resources. Package name, data in the specified package will be shared.

privileges

Yes

Array of Strings

List of permissions to be granted, revoked, or updated.

NOTE:

If Action is Update and the update list is empty, all permissions of the user in the database or table are revoked.

Response

Table 4 Response parameters

Parameter

Mandatory

Type

Description

is_success

No

Boolean

Whether the request is successfully executed. Value true indicates that the request is successfully executed.

message

No

String

System prompt. If execution succeeds, the parameter setting may be left blank.

Example Request

{
  "user_name": "user2",
  "action": "grant",
  "privileges": [
    {
      "object": "databases.db1.tables.tb2.columns.column1",
      "privileges": [
        "SELECT"
      ]
    },
    {
      "object": "databases.db1.tables.tbl",
      "privileges": [
        "DROP_TABLE"
      ]
    },
    {
      "object": "databases.db1",
      "privileges": [
        "SELECT"
      ]
    }
  ]
}

Example Response

{
  "is_success": true,
  "message": "" 
}

Status Codes

Table 5 describes the status code.

Table 5 Status codes

Status Code

Description

200

Authorization succeeds.

400

Request error.

500

Internal service error.

Error Codes

If an error occurs when this API is invoked, the system does not return the result similar to the preceding example, but returns the error code and error information. For details, see Error Code.