Function

This API is used to grant database or table data usage permission to specified users.

URI

URI format
PUT /v1.0/{project_id}/user-authorization

Parameter description

**Table 1** URI parameter
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID, which is used for resource isolation. For details about how to obtain its value, see Obtaining a Project ID.

Request

**Table 2** Request parameters
Parameter	Mandatory	Type	Description
user_name	Yes	String	Name of the user who is granted with usage permission on a queue or whose queue usage permission is revoked or updated. Example value: user2.
action	Yes	String	Grants or revokes the permission. The parameter value can be grant, revoke, or update. Example value: grant. grant: Indicates to grant users with permissions. revoke: Indicates to revoke permissions. update: Indicates to clear all the original permissions and assign the permissions in the provided permission array. NOTE: Users can perform the update operation only when they have been granted with the grant and revoke permissions.
privileges	Yes	Array of Objects	Permission granting information. For details, see Table 3. Example value: [ {"object": "databases.db1.tables.tb2.columns.column1","privileges": ["SELECT"]},"object": "databases.db1.tables.tbl","privileges": [ "DROP_TABLE"]

**Table 3** privileges parameters
Parameter	Mandatory	Type	Description
object	Yes	String	Data objects to be assigned. If they are named: databases.Database name, data in the entire database will be shared. databases.Database name.tables.Table name, data in the specified table will be shared. databases.Database name.tables.Table name.columns.Column name, data in the specified column will be shared. jobs.flink.Flink job ID, data the specified job will be shared. groups.Package group name, data in the specified package group will be shared. resources.Package name, data in the specified package will be shared. Example value: databases.db1.tables.tb2.columns.column1.
privileges	Yes	Array of Strings	List of permissions to be granted, revoked, or updated. Example value: [SELECT]. NOTE: If Action is Update and the update list is empty, all permissions of the user in the database or table are revoked.

Response

**Table 4** Response parameters
Parameter	Mandatory	Type	Description
is_success	No	Boolean	Whether the request is successfully executed. Value true indicates that the request is successfully executed. Example value: true.
message	No	String	System prompt. If execution succeeds, the parameter setting may be left blank. Example value: left blank.

Example Request

Grant user2 the permission to query data in the database db1, delete the data table db1.tbl, and query data in a specified column db1.tbl.column1 of a data table.

{
  "user_name": "user2",
  "action": "grant",
  "privileges": [
    {
      "object": "databases.db1.tables.tb2.columns.column1",
      "privileges": [
        "SELECT"
      ]
    },
    {
      "object": "databases.db1.tables.tbl",
      "privileges": [
        "DROP_TABLE"
      ]
    },
    {
      "object": "databases.db1",
      "privileges": [
        "SELECT"
      ]
    }
  ]
}

Example Response

{
  "is_success": true,
  "message": "" 
}

Status Codes

Table 5 describes the status code.

**Table 5** Status codes
Status Code	Description
200	Authorization succeeds.
400	Request error.
500	Internal service error.

Error Codes

If an error occurs when this API is invoked, the system does not return the result similar to the preceding example, but returns the error code and error information. For details, see Error Codes.

Granting Data Permission to Users