All Products
Search
Document Center

Resource Orchestration Service:ALIYUN::RDS::AccountPrivilege

最終更新日:Nov 21, 2024

ALIYUN::RDS::AccountPrivilege is used to authorize an account to access a database.

Note

If you create both ALIYUN::RDS::Database and ALIYUN::RDS::Account resources in a stack and use ALIYUN::RDS::AccountPrivilege to grant the required permissions, you must specify the DependsOn property in ALIYUN::RDS::Database and specify ALIYUN::RDS::Account in the property.

Syntax

{
  "Type": "ALIYUN::RDS::AccountPrivilege",
  "Properties": {
    "AccountPrivilege": String,
    "DBInstanceId": String,
    "DBName": String,
    "AccountName": String
  }
}

Properties

Property

Type

Required

Editable

Description

Constraint

AccountPrivilege

String

Yes

Yes

The permissions that you want to grant to the account.

The number of AccountPrivilege values must be the same as the number of DBName values.

Valid values:

  • ReadWrite: permissions to perform read and write operations

  • ReadOnly: permissions to perform read-only operations

  • DDLOnly: permissions to perform only data definition language (DDL) operations

  • DMLOnly: permissions to perform only data manipulation language (DML) operations

  • DBOwner: full permissions

Note
  • ReadWrite, ReadOnly, DDLOnly, and DMLOnly are supported for ApsaraDB RDS for MySQL or ApsaraDB RDS for MariaDB.

  • ReadWrite, ReadOnly, and DBOwner are supported for ApsaraDB RDS for SQL Server.

  • DBOwner is supported for ApsaraDB RDS for PostgreSQL with cloud disks.

DBInstanceId

String

Yes

No

The instance ID.

None.

DBName

String

Yes

No

The name of the database on which you want to grant access permissions.

Separate multiple names with commas (,).

AccountName

String

Yes

No

The account name.

None.

Return values

Fn::GetAtt

None.

Examples

YAML

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  DBInstanceId:
    Type: String
    AssociationProperty: ALIYUN::RDS::Instance::InstanceId
Resources:
  AccountPrivilege:
    Type: ALIYUN::RDS::AccountPrivilege
    Properties:
      AccountPrivilege: ReadOnly
      DBInstanceId:
        Ref: DBInstanceId
      DBName: dev
      AccountName: DBUser
Outputs: {}

JSON

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "DBInstanceId": {
      "Type": "String",
      "AssociationProperty": "ALIYUN::RDS::Instance::InstanceId"
    }
  },
  "Resources": {
    "AccountPrivilege": {
      "Type": "ALIYUN::RDS::AccountPrivilege",
      "Properties": {
        "AccountPrivilege": "ReadOnly",
        "DBInstanceId": {
          "Ref": "DBInstanceId"
        },
        "DBName": "dev",
        "AccountName": "DBUser"
      }
    }
  },
  "Outputs": {}
}