Updated on 2024-03-15 GMT+08:00

Granting Data Permission to Users (Discarded)

Function

This API is used to grant database or table data usage permission to specified users.

The user group containing the authorized user must have the Tenant Guest permission in the region where the user group belongs.

For details about the Tenant Guest permission and how to apply for the permission, see System Permissions and Creating a User Group in Identity and Access Management User Guide.

This API has been discarded and is not recommended.

URI

  • URI format

    PUT /v1.0/{project_id}/user-authorization

  • Parameter description

    Table 1 URI parameter

    | Parameter | Mandatory | Type | Description |
    |---|---|---|---|
    | project_id | Yes | String | Project ID, which is used for resource isolation. For details about how to obtain its value, see Obtaining a Project ID. |

Request

Table 2 Request parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| user_name | Yes | String | Name of the user who is granted usage permission on a queue or whose queue usage permission is revoked or updated. Example value: user2. |
| action | Yes | String | Grants or revokes the permission. The parameter value can be grant, revoke, or update. Example value: grant. grant: grants permissions to the user; revoke: revokes permissions; update: clears all the original permissions and assigns the permissions in the provided permission array. NOTE: Users can perform the update operation only when they have been granted the grant and revoke permissions. |
| privileges | Yes | Array of Objects | Permission granting information. For details, see Table 3. Example value: [{"object": "databases.db1.tables.tb2.columns.column1", "privileges": ["SELECT"]}, {"object": "databases.db1.tables.tbl", "privileges": ["DROP_TABLE"]}] |

Table 3 privileges parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| object | Yes | String | Data objects to be assigned. The naming forms are listed after this table. Example value: databases.db1.tables.tb2.columns.column1. |
| privileges | Yes | Array of Strings | List of permissions to be granted, revoked, or updated. For details about available permissions, see Data Permission List. Example value: [SELECT]. NOTE: If action is update and the update list is empty, all permissions of the user in the database or table are revoked. |

If the object is named:

  • databases.Database name, data in the entire database will be shared.
  • databases.Database name.tables.Table name, data in the specified table will be shared.
  • databases.Database name.tables.Table name.columns.Column name, data in the specified column will be shared.
  • jobs.flink.Flink job ID, data in the specified job will be shared.
  • groups.Package group name, data in the specified package group will be shared.
  • resources.Package name, data in the specified package will be shared.

Response

Table 4 Response parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| is_success | No | Boolean | Whether the request is successfully executed. Value true indicates that the request is successfully executed. Example value: true. |
| message | No | String | System prompt. If execution succeeds, the parameter setting may be left blank. Example value: left blank. |

Example Request

Grant user2 the permission to query data in the database db1, delete the data table db1.tbl, and query data in a specified column db1.tbl.column1 of a data table.

{
  "user_name": "user2",
  "action": "grant",
  "privileges": [
    {
      "object": "databases.db1.tables.tb2.columns.column1",
      "privileges": [
        "SELECT"
      ]
    },
    {
      "object": "databases.db1.tables.tbl",
      "privileges": [
        "DROP_TABLE"
      ]
    },
    {
      "object": "databases.db1",
      "privileges": [
        "SELECT"
      ]
    }
  ]
}

Example Response

{
  "is_success": true,
  "message": "" 
}
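
A pre-submission check for request bodies sent to this API, added here as an example (it is not part of the original documentation or the service's code): it classifies each object path by the forms in Table 3 and flags database-wide grants, update requests, and empty update lists. The function names and the allowed-character pattern for names are assumptions.

```python
import re

# Object path forms from Table 3. N (allowed name characters) is an assumption.
N = r"[A-Za-z0-9_-]+"
FORMS = {
    "column": rf"databases\.{N}\.tables\.{N}\.columns\.{N}",
    "table": rf"databases\.{N}\.tables\.{N}",
    "database": rf"databases\.{N}",
    "flink_job": rf"jobs\.flink\.{N}",
    "package_group": rf"groups\.{N}",
    "package": rf"resources\.{N}",
}
ACTIONS = {"grant", "revoke", "update"}


def object_scope(obj):
    """Return the scope kind of an object path, or None if it matches no form."""
    for kind, pattern in FORMS.items():
        if re.fullmatch(pattern, obj):
            return kind
    return None


def review_request(body):
    """Return a list of findings for a user-authorization request body."""
    findings = []
    action = body.get("action")
    if action not in ACTIONS:
        findings.append(f"invalid action: {action!r}")
    if not body.get("user_name"):
        findings.append("user_name is missing")
    if action == "update":
        findings.append("update clears all of the user's original permissions first")
    for entry in body.get("privileges") or []:
        obj, privs = entry.get("object", ""), entry.get("privileges") or []
        scope = object_scope(obj)
        if scope is None:
            findings.append(f"unrecognized object path: {obj!r}")
        elif scope == "database" and action in ("grant", "update") and privs:
            findings.append(f"database-wide grant on {obj}: {privs}")
        if action == "update" and not privs:
            findings.append(f"empty update list revokes all permissions on {obj}")
    return findings


# Constructed sample: a database-level entry like the one in the example request.
SAMPLE = {"user_name": "user2", "action": "grant",
          "privileges": [{"object": "databases.db1", "privileges": ["SELECT"]}]}
if __name__ == "__main__":
    print(review_request(SAMPLE))
```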

Status Codes

Table 5 describes the status code.

Table 5 Status codes

| Status Code | Description |
|---|---|
| 200 | Authorization succeeds. |
| 400 | Request error. |
| 500 | Internal service error. |

Error Codes

If an error occurs when this API is invoked, the system does not return a result similar to the preceding example. Instead, it returns an error code and error information. For details, see Error Codes.