All Products
Search

This Product

    Resource Orchestration Service:ALIYUN::RDS::AccountPrivilege

    Document Center

    Resource Orchestration Service:ALIYUN::RDS::AccountPrivilege

    Last Updated:Sep 11, 2023

    ALIYUN::RDS::AccountPrivilege is used to authorize an account to access a database.

    Note

    If you create ALIYUN::RDS::Database and ALIYUN::RDS::Account resources in a stack at the same time and use ALIYUN::RDS::AccountPrivilege to grant the required permissions, you must specify the DependsOn property in ALIYUN::RDS::Database and specify ALIYUN::RDS::Account in the property.

    Syntax

    {
  "Type": "ALIYUN::RDS::AccountPrivilege",
  "Properties": {
    "AccountPrivilege": String,
    "DBInstanceId": String,
    "DBName": String,
    "AccountName": String
  }
}

    Properties

    Property

    Type

    Required

    Editable

    Description

    Constraint

    AccountPrivilege

    String

    Yes

    Yes

    The permissions that you want to grant to the account to perform specific operations in the database.

    Valid values:

    • ReadWrite: The account can perform read and write operations in the database.

    • ReadOnly: The account can perform only read operations in the database.

    • DDLOnly: The account can perform only data definition language (DDL) operations in the database.

    • DMLOnly: The account can perform only data manipulation language (DML) operations in the database.

    • DBOwner: The account has full permissions on the database.

    Note

    • ReadWrite, ReadOnly, DDLOnly, and DMLOnly are applicable to ApsaraDB RDS for MySQL or ApsaraDB RDS for MariaDB instances.

    • ReadWrite, ReadOnly, and DBOwner are applicable to ApsaraDB RDS for SQL Server instances.

    • DBOwner is applicable to ApsaraDB RDS for PostgreSQL instances that use cloud disks.

    DBInstanceId

    String

    Yes

    No

    The instance ID.

    None.

    DBName

    String

    Yes

    No

    The name of the database on which you want to grant access permissions.

    None.

    AccountName

    String

    Yes

    No

    The name of the account.

    None.

    Return values

    Fn::GetAtt

    None.

    Examples

    • YAML format

      ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  DBInstanceId:
    Type: String
    AssociationProperty: ALIYUN::RDS::Instance::InstanceId
Resources:
  AccountPrivilege:
    Type: ALIYUN::RDS::AccountPrivilege
    Properties:
      AccountPrivilege: ReadOnly
      DBInstanceId:
        Ref: DBInstanceId
      DBName: dev
      AccountName: DBUser
Outputs: {}

    • JSON format

      {
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "DBInstanceId": {
      "Type": "String",
      "AssociationProperty": "ALIYUN::RDS::Instance::InstanceId"
    }
  },
  "Resources": {
    "AccountPrivilege": {
      "Type": "ALIYUN::RDS::AccountPrivilege",
      "Properties": {
        "AccountPrivilege": "ReadOnly",
        "DBInstanceId": {
          "Ref": "DBInstanceId"
        },
        "DBName": "dev",
        "AccountName": "DBUser"
      }
    }
  },
  "Outputs": {}
}