All Products
Search

This Product

    Resource Orchestration Service:ALIYUN::RDS::AccountPrivilege

    Document Center

    Resource Orchestration Service:ALIYUN::RDS::AccountPrivilege

    Last Updated:Nov 21, 2024

    ALIYUN::RDS::AccountPrivilege is used to authorize an account to access a database.

    Note

    If you create both ALIYUN::RDS::Database and ALIYUN::RDS::Account resources in a stack and use ALIYUN::RDS::AccountPrivilege to grant the required permissions, you must specify the DependsOn property in ALIYUN::RDS::Database and specify ALIYUN::RDS::Account in the property.

    Syntax

    {
  "Type": "ALIYUN::RDS::AccountPrivilege",
  "Properties": {
    "AccountPrivilege": String,
    "DBInstanceId": String,
    "DBName": String,
    "AccountName": String
  }
}

    Properties

    Property

    Type

    Required

    Editable

    Description

    Constraint

    AccountPrivilege

    String

    Yes

    Yes

    The permissions that you want to grant to the account.

    The number of AccountPrivilege values must be the same as the number of DBName values.

    Valid values:

    • ReadWrite: permissions to perform read and write operations

    • ReadOnly: permissions to perform read-only operations

    • DDLOnly: permissions to perform only data definition language (DDL) operations

    • DMLOnly: permissions to perform only data manipulation language (DML) operations

    • DBOwner: full permissions

    Note

    • ReadWrite, ReadOnly, DDLOnly, and DMLOnly are supported for ApsaraDB RDS for MySQL or ApsaraDB RDS for MariaDB.

    • ReadWrite, ReadOnly, and DBOwner are supported for ApsaraDB RDS for SQL Server.

    • DBOwner is supported for ApsaraDB RDS for PostgreSQL with cloud disks.

    DBInstanceId

    String

    Yes

    No

    The instance ID.

    None.

    DBName

    String

    Yes

    No

    The name of the database on which you want to grant access permissions.

    Separate multiple names with commas (,).

    AccountName

    String

    Yes

    No

    The account name.

    None.

    Return values

    Fn::GetAtt

    None.

    Examples

    YAML

    ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  DBInstanceId:
    Type: String
    AssociationProperty: ALIYUN::RDS::Instance::InstanceId
Resources:
  AccountPrivilege:
    Type: ALIYUN::RDS::AccountPrivilege
    Properties:
      AccountPrivilege: ReadOnly
      DBInstanceId:
        Ref: DBInstanceId
      DBName: dev
      AccountName: DBUser
Outputs: {}

    JSON

    {
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "DBInstanceId": {
      "Type": "String",
      "AssociationProperty": "ALIYUN::RDS::Instance::InstanceId"
    }
  },
  "Resources": {
    "AccountPrivilege": {
      "Type": "ALIYUN::RDS::AccountPrivilege",
      "Properties": {
        "AccountPrivilege": "ReadOnly",
        "DBInstanceId": {
          "Ref": "DBInstanceId"
        },
        "DBName": "dev",
        "AccountName": "DBUser"
      }
    }
  },
  "Outputs": {}
}