ALIYUN::POLARDB::AccountPrivilege类型用于授权普通账号访问PolarDB集群的某个数据库。一个账号可以关联一个或多个数据库。

语法

{
  "Type": "ALIYUN::POLARDB::AccountPrivilege",
  "Properties": {
    "DBClusterId": String,
    "AccountPrivilege": String,
    "DBName": String,
    "AccountName": String
  }
}

属性

属性名称 类型 必须 允许更新 描述 约束
DBClusterId String 集群ID。 无。
AccountPrivilege String 账号权限。 取值: ReadWrite(读写)、ReadOnly(只读)、DMLOnly(只允许DML)、DDLOnly(只允许DDL)。AccountPrivilege的个数需要与DBName保持一致,且顺序对应。
DBName String 设置要授权的数据库名。 支持同时对一个或多个数据库授权。多个数据库之间用英文逗号(,)隔开。
AccountName String 账号名。 无。

返回值

Fn::GetAtt

无。

示例

JSON格式

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Resources": {
    "AccountPrivilege": {
      "Type": "ALIYUN::POLARDB::AccountPrivilege",
      "Properties": {
        "DBClusterId": {
          "Ref": "DBClusterId"
        },
        "AccountPrivilege": {
          "Ref": "AccountPrivilege"
        },
        "DBName": {
          "Ref": "DBName"
        },
        "AccountName": {
          "Ref": "AccountName"
        }
      }
    }
  },
  "Parameters": {
    "DBClusterId": {
      "Type": "String",
      "Description": "The ID of the ApsaraDB for POLARDB cluster to which a database account belongs."
    },
    "AccountPrivilege": {
      "MinLength": 1,
      "Type": "String",
      "Description": "The permissions of the database account on the database. Valid values: ReadWrite: has read and write permissions on the database. ReadOnly: has the read-only permission on the database. DMLOnly: runs only data manipulation language (DML) statements. DDLOnly: runs only data definition language (DDL) statements.The number of account permissions specified by the AccountPrivilege parameter must be the same as that of database names specified by the DBName parameter. Each account permission must correspond to a database name in sequence. Separate multiple permissions with a comma (,)."
    },
    "DBName": {
      "MinLength": 1,
      "Type": "String",
      "Description": "The name of the database whose access permissions are to be granted to the database account. You can grant access permissions on one or more databases to the database account.Separate multiple databases with a comma (,)."
    },
    "AccountName": {
      "MinLength": 1,
      "Type": "String",
      "Description": "The name of the database account to be granted access permissions.",
      "MaxLength": 16
    }
  }
}

YAML格式

ROSTemplateFormatVersion: '2015-09-01'
Resources:
  AccountPrivilege:
    Type: ALIYUN::POLARDB::AccountPrivilege
    Properties:
      DBClusterId:
        Ref: DBClusterId
      AccountPrivilege:
        Ref: AccountPrivilege
      DBName:
        Ref: DBName
      AccountName:
        Ref: AccountName
Parameters:
  DBClusterId:
    Type: String
    Description: The ID of the ApsaraDB for POLARDB cluster to which a database account
      belongs.
  AccountPrivilege:
    MinLength: 1
    Type: String
    Description: 'The permissions of the database account on the database. Valid values:
      ReadWrite: has read and write permissions on the database. ReadOnly: has the
      read-only permission on the database. DMLOnly: runs only data manipulation language
      (DML) statements. DDLOnly: runs only data definition language (DDL) statements. The
      number of account permissions specified by the AccountPrivilege parameter must
      be the same as that of database names specified by the DBName parameter. Each
      account permission must correspond to a database name in sequence.Separate multiple
      permissions with a comma (,).'
  DBName:
    MinLength: 1
    Type: String
    Description: The name of the database whose access permissions are to be granted
      to the database account. You can grant access permissions on one or more databases
      to the database account. Separate multiple databases with a comma (,).
  AccountName:
    MinLength: 1
    Type: String
    Description: The name of the database account to be granted access permissions.
    MaxLength: 16