ALIYUN::RDS::AccountPrivilege is used to authorize an account to access a database.
Note If you create ALIYUN::RDS::Database and ALIYUN::RDS::Account resources in a stack at the same time and use ALIYUN::RDS::AccountPrivilege to grant the required permissions, you must specify the DependsOn property in ALIYUN::RDS::Database and specify ALIYUN::RDS::Account in the property.
Syntax
{
"Type": "ALIYUN::RDS::AccountPrivilege",
"Properties": {
"AccountPrivilege": String,
"DBInstanceId": String,
"DBName": String,
"AccountName": String
}
}
Properties
Property | Type | Required | Editable | Description | Constraint |
AccountPrivilege | String | Yes | Yes | The permissions that you want to grant to the account to perform specific operations in the database. | Valid values: ReadWrite: The account can perform read and write operations in the database. ReadOnly: The account can perform only read operations in the database. DDLOnly: The account can perform only data definition language (DDL) operations in the database. DMLOnly: The account can perform only data manipulation language (DML) operations in the database. DBOwner: The account has full permissions on the database.
Note ReadWrite, ReadOnly, DDLOnly, and DMLOnly are applicable to ApsaraDB RDS for MySQL or ApsaraDB RDS for MariaDB instances. ReadWrite, ReadOnly, and DBOwner are applicable to ApsaraDB RDS for SQL Server instances. DBOwner is applicable to ApsaraDB RDS for PostgreSQL instances that use cloud disks.
|
DBInstanceId | String | Yes | No | The instance ID. | None. |
DBName | String | Yes | No | The name of the database on which you want to grant access permissions. | None. |
AccountName | String | Yes | No | The name of the account. | None. |
Return values
Fn::GetAtt
None.
Examples
YAML
format
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
DBInstanceId:
Type: String
AssociationProperty: ALIYUN::RDS::Instance::InstanceId
Resources:
AccountPrivilege:
Type: ALIYUN::RDS::AccountPrivilege
Properties:
AccountPrivilege: ReadOnly
DBInstanceId:
Ref: DBInstanceId
DBName: dev
AccountName: DBUser
Outputs: {}
JSON
format
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"DBInstanceId": {
"Type": "String",
"AssociationProperty": "ALIYUN::RDS::Instance::InstanceId"
}
},
"Resources": {
"AccountPrivilege": {
"Type": "ALIYUN::RDS::AccountPrivilege",
"Properties": {
"AccountPrivilege": "ReadOnly",
"DBInstanceId": {
"Ref": "DBInstanceId"
},
"DBName": "dev",
"AccountName": "DBUser"
}
}
},
"Outputs": {}
}