All Products
Search

This Product

    Resource Orchestration Service:ALIYUN::RDS::AccountPrivilege

    Document Center

    Resource Orchestration Service:ALIYUN::RDS::AccountPrivilege

    Last Updated:Jun 15, 2026

    Authorizes an account to access a database on an ApsaraDB RDS instance.

    Note

    If you create both ALIYUN::RDS::Database and ALIYUN::RDS::Account resources in a stack and use ALIYUN::RDS::AccountPrivilege to grant permissions, you must set the DependsOn property in ALIYUN::RDS::Database to the corresponding ALIYUN::RDS::Account resource.

    Syntax

    {
  "Type": "ALIYUN::RDS::AccountPrivilege",
  "Properties": {
    "AccountPrivilege": String,
    "DBInstanceId": String,
    "DBName": String,
    "AccountName": String
  }
}

    Properties

    Property

    Type

    Required

    Editable

    Description

    Constraint

    AccountPrivilege

    String

    Yes

    Yes

    The permissions to grant to the account.

    The number of AccountPrivilege values must match the number of DBName values.

    Valid values:

    • ReadWrite: read and write permissions

    • ReadOnly: read-only permissions

    • DDLOnly: data definition language (DDL) permissions only

    • DMLOnly: data manipulation language (DML) permissions only

    • DBOwner: full permissions

    Note

    • ReadWrite, ReadOnly, DDLOnly, and DMLOnly are supported for ApsaraDB RDS for MySQL or ApsaraDB RDS for MariaDB.

    • ReadWrite, ReadOnly, and DBOwner are supported for ApsaraDB RDS for SQL Server.

    • DBOwner is supported for ApsaraDB RDS for PostgreSQL with cloud disks.

    DBInstanceId

    String

    Yes

    No

    The ID of the ApsaraDB RDS instance.

    None.

    DBName

    String

    Yes

    No

    The name of the database to which you want to grant access.

    Separate multiple names with commas (,).

    AccountName

    String

    Yes

    No

    The account name.

    None.

    Return values

    Fn::GetAtt

    None.

    Examples

    YAML

    ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  DBInstanceId:
    Type: String
    AssociationProperty: ALIYUN::RDS::Instance::InstanceId
Resources:
  AccountPrivilege:
    Type: ALIYUN::RDS::AccountPrivilege
    Properties:
      AccountPrivilege: ReadOnly
      DBInstanceId:
        Ref: DBInstanceId
      DBName: dev
      AccountName: DBUser
Outputs: {}

    JSON

    {
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "DBInstanceId": {
      "Type": "String",
      "AssociationProperty": "ALIYUN::RDS::Instance::InstanceId"
    }
  },
  "Resources": {
    "AccountPrivilege": {
      "Type": "ALIYUN::RDS::AccountPrivilege",
      "Properties": {
        "AccountPrivilege": "ReadOnly",
        "DBInstanceId": {
          "Ref": "DBInstanceId"
        },
        "DBName": "dev",
        "AccountName": "DBUser"
      }
    }
  },
  "Outputs": {}
}