Grant permissions to an account - - Alibaba Cloud ドキュメントセンター

You can call the GrantAccountPrivilege operation to grant an account the permissions on a database of an ApsaraDB RDS instance.

Each account can be granted permissions on one or more databases. Before you call this operation, make sure that the instance is in the running state.

Note This operation is not supported for instances that run SQL Server 2017 (cluster edition) or PostgreSQL with local SSDs.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters


Parameter	Type	Required	Example	Description
Action	String	Yes	GrantAccountPrivilege	The operation that you want to perform. Set the value to GrantAccountPrivilege.
DBInstanceId	String	Yes	rm-uf6wjk5xxxxxxxxxx	The ID of the instance.
AccountName	String	Yes	test1	The username of the account.
DBName	String	Yes	testDB1	The name of the database on which you want to grant permissions. Separate multiple database names with commas (,).
AccountPrivilege	String	Yes	ReadWrite	The permissions that you want to grant to the account. The number of permissions must be the same as the number of databases that you specify for the DBName parameter. You can specify this parameter based on your business requirements. Valid values: ReadWrite: read and write permissions ReadOnly: read-only permissions DDLOnly: DDL-only permissions DMLOnly: DML-only permissions DBOwner: database owner permissions Note If the instance runs MySQL or MariaDB, you can set this parameter to ReadWrite, ReadOnly, DDLOnly, or DMLOnly. If the instance runs SQL Server, you can set this parameter to ReadWrite, ReadOnly, or DBOwner. If the instance runs PostgreSQL with standard SSDs or enhanced SSDs (ESSDs), you can set this parameter only to DBOwner.

Response parameters


Parameter	Type	Example	Description
RequestId	String	81BC9559-7B22-4B7F-B705-5F56DEECDEA7	The ID of the request.

Examples

Sample requests

http(s)://rds.aliyuncs.com/?Action=GrantAccountPrivilege
&DBInstanceId=rm-uf6wjk5xxxxxxxxxx
&AccountName=test1
&DBName=testDB1
&AccountPrivilege=ReadWrite
&Common request parameters

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<?xml version="1.0" encoding="UTF-8" ?>
<GrantAccountPrivilegeResponse>
    <RequestId>81BC9559-7B22-4B7F-B705-5F56DEECDEA7</RequestId>
</GrantAccountPrivilegeResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "81BC9559-7B22-4B7F-B705-5F56DEECDEA7"
}

Error codes


HTTP status code	Error code	Error message	Description
400	Account.UpdateError	Update Account failed, please check your input value	The error message returned because the account fails to be updated. Check the request parameter settings or the configuration of the instance parameter policy.
400	Database.ConnectError	Database connect error. please check instance status and database processlist	The error message returned because the database connection is abnormal. Check the instance status and the connection pool of the database.
400	DbRestoring	Database is in restoring state.	The error message returned because the database is in the restoring state.
400	InvalidAccountPrivilege.Malformed	Specified account privilege is not valid.	The error message returned because your Alibaba Cloud account does not have the required permissions.
400	IncorrectAccountStatus	Current account status does not support this operation.	The error message returned because the account status does not support this operation.
400	IncorrectAccount	Current DB instance account does not support this operation.	The error message returned because the current account does not support this operation.
403	IncorrectDBInstanceType	Current DB instance type does not support this operation.	The error message returned because this operation is not supported when the instance is in the current state.
403	IncorrectDBInstanceState	Current DB instance state does not support this operation.	The error message returned because this operation is not supported when the instance is in the current state.
403	IncorrectAccountType	Current account type does not support this operation.	The error message returned because this operation is not supported by the current account type. Check the account type.
403	IncorrectAccountPrivilegeType	the current account privilege type does not support this operation.	The error message returned because the permission type of the current account does not support this operation.
403	OperationDenied.AccountMode	The operation is not permitted due to account mode of instance.	The error message returned because the account mode of the current instance does not support this operation.
403	IncorrectDBInstanceCharacterType	Current DB Instance character_type does not support this operation.	The error message returned because the character type of the current instance does not support this operation.
404	IncorrectDBInstanceLockMode	Current DB instance lock mode does not support this operation.	The error message returned because the instance is locked.
404	InvalidAccountName.NotFound	Specified account name does not exist.	The error message returned because the username of the current account cannot be found. Check the username.

For a list of error codes, see Service error codes.