All Products
Search
Document Center

Resource Orchestration Service:ALIYUN::RDS::AccountPrivilege

Last Updated:Sep 11, 2023

ALIYUN::RDS::AccountPrivilege is used to authorize an account to access a database.

Note

If you create ALIYUN::RDS::Database and ALIYUN::RDS::Account resources in a stack at the same time and use ALIYUN::RDS::AccountPrivilege to grant the required permissions, you must specify the DependsOn property in ALIYUN::RDS::Database and specify ALIYUN::RDS::Account in the property.

Syntax

{
  "Type": "ALIYUN::RDS::AccountPrivilege",
  "Properties": {
    "AccountPrivilege": String,
    "DBInstanceId": String,
    "DBName": String,
    "AccountName": String
  }
}

Properties

Property

Type

Required

Editable

Description

Constraint

AccountPrivilege

String

Yes

Yes

The permissions that you want to grant to the account to perform specific operations in the database.

Valid values:

  • ReadWrite: The account can perform read and write operations in the database.

  • ReadOnly: The account can perform only read operations in the database.

  • DDLOnly: The account can perform only data definition language (DDL) operations in the database.

  • DMLOnly: The account can perform only data manipulation language (DML) operations in the database.

  • DBOwner: The account has full permissions on the database.

Note
  • ReadWrite, ReadOnly, DDLOnly, and DMLOnly are applicable to ApsaraDB RDS for MySQL or ApsaraDB RDS for MariaDB instances.

  • ReadWrite, ReadOnly, and DBOwner are applicable to ApsaraDB RDS for SQL Server instances.

  • DBOwner is applicable to ApsaraDB RDS for PostgreSQL instances that use cloud disks.

DBInstanceId

String

Yes

No

The instance ID.

None.

DBName

String

Yes

No

The name of the database on which you want to grant access permissions.

None.

AccountName

String

Yes

No

The name of the account.

None.

Return values

Fn::GetAtt

None.

Examples

  • YAML format

    ROSTemplateFormatVersion: '2015-09-01'
    Parameters:
      DBInstanceId:
        Type: String
        AssociationProperty: ALIYUN::RDS::Instance::InstanceId
    Resources:
      AccountPrivilege:
        Type: ALIYUN::RDS::AccountPrivilege
        Properties:
          AccountPrivilege: ReadOnly
          DBInstanceId:
            Ref: DBInstanceId
          DBName: dev
          AccountName: DBUser
    Outputs: {}
  • JSON format

    {
      "ROSTemplateFormatVersion": "2015-09-01",
      "Parameters": {
        "DBInstanceId": {
          "Type": "String",
          "AssociationProperty": "ALIYUN::RDS::Instance::InstanceId"
        }
      },
      "Resources": {
        "AccountPrivilege": {
          "Type": "ALIYUN::RDS::AccountPrivilege",
          "Properties": {
            "AccountPrivilege": "ReadOnly",
            "DBInstanceId": {
              "Ref": "DBInstanceId"
            },
            "DBName": "dev",
            "AccountName": "DBUser"
          }
        }
      },
      "Outputs": {}
    }