ALIYUN::RDS::AccountPrivilege is used to grant database access permissions to accounts.

Statement

{
  "Type": "ALIYUN::RDS::AccountPrivilege",
  "Properties": {
    "AccountPrivilege": String,
    "DBInstanceId": String,
    "DBName": String,
    "AccountName": String
  }
}

Properties

Parameter Type Required Editable Description Constraint
AccountPrivilege String No Yes The permissions of the database account. Valid values:
  • ReadWrite: has read and write permissions on the database.
  • ReadOnly: The account has read-only permission on the database.
  • DDLOnly: The account can run only data definition language (DDL) commands in the database. This is applicable to MySQL and MariaDB.
  • DMLOnly: The account can run only data manipulation language (DML) commands in the database. This is applicable to MySQL and MariaDB.
  • DBOwner: The account has full permissions on the database. This is applicable to SQL Server.
DBInstanceId String No No The ID of the RDS instance. None
DBName String No No The name of the database. None
AccountName String No No The name of the account. Valid values: 1025 to 10000. You cannot use the following commonly used port numbers: 2222, 4500, 4510, 4560, 7505, 9000, 9001, and 9002.

Response parameters

Fn::GetAtt

None

Sample request

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Resources": {
    "AccountPrivilege": {
      "Type": "ALIYUN::RDS::AccountPrivilege",
      "Properties": {
        "AccountPrivilege": {
          "Ref": "AccountPrivilege"
        },
        "DBInstanceId": [
          "Ref": "DBInstanceId"
        },
        "DBName": {
          "Ref": "DBName"
        },
        "AccountName": {
          "Ref": "AccountName"
        }
      }
    }
  },
  "Parameters": {
    "AccountPrivilege": {
      "Type": "String",
      "Description": "RDS account privilege",
      "AllowedValues": ["ReadOnly", "ReadWrite", "DDLOnly", "DMLOnly", "DBOwner"]
    },
    "DBInstanceId": [
      "Type": "String",
      "Description": "RDS instance ID."
    },
    "DBName": {
      "Type": "String",
      "Description": "RDS database name"
    },
    "AccountName": {
      "Type": "String",
      "Description": "RDS account name."
    }
  },
  "Outputs": {}
}