Updated on 2025-08-20 GMT+08:00

Configuring Account Permissions

Function

This API is used to set account permissions to read-only or read/write.

Constraints

This operation cannot be performed when the DB instance is in any of the following statuses: creating, changing instance class, changing port, frozen, or abnormal.

URI

  • URI format

    POST /v3/{project_id}/instances/{instance_id}/user-privilege

  • Parameter description
    Table 1 Parameters

    Parameter

    Mandatory

    Description

    project_id

    Yes

    Definition

    Project ID of a tenant in a region.

    To obtain the value, see Obtaining a Project ID.

    Constraints

    N/A

    Range

    N/A

    Default Value

    N/A

    instance_id

    Yes

    Definition

    Instance ID.

    Constraints

    N/A

    Range

    N/A

    Default Value

    N/A

Request

Table 2 Parameters

Parameter

Mandatory

Type

Description

all_users

Yes

Boolean

Definition

Whether to configure permissions for all database accounts.

Constraints

N/A

Range

  • true: Configure permissions for all database accounts. The user_name parameter is ignored.
  • false: Configure permissions only for the account specified by user_name.

Default Value

N/A

user_name

No

String

Definition

Username of the database account.

Constraints

N/A

Range

The username contains 1 to 63 characters, including letters, digits, and underscores (_). It cannot start with pg or a digit and must be different from system usernames. System usernames include rdsAdmin, rdsMetric, rdsBackup, rdsRepl, rdsProxy, and rdsDdm.

Default Value

N/A

readonly

Yes

Boolean

Definition

Whether the permission is read-only.

Constraints

N/A

Range

  • true: read-only
  • false: read/write

Default Value

N/A

Example Request

  • Set all database accounts to read-only.
    POST https://{endpoint}/v3/0483b6b16e954cb88930a360d2c4e663/instances/f569f1358436479dbcba8603c32cc4aein03/user-privilege
    
    {
        "all_users": true,
        "readonly": true
    }
  • Set all database accounts to readable and writable.
    {
        "all_users": true,
        "readonly": false
    }
  • Set a single database account to read-only.
    {
        "all_users": false,
        "user_name": "test1234",
        "readonly": true
    }
  • Set a single database account to readable and writable.
    {
        "all_users": false,
        "user_name": "test1234",
        "readonly": false
    }

Response

  • Normal response

    None

Status Code

Error Code

For details, see Error Codes.