diff --git a/pages/iam/reference-content/permission-sets.mdx b/pages/iam/reference-content/permission-sets.mdx index 5a72c3c350..d0c95edcb4 100644 --- a/pages/iam/reference-content/permission-sets.mdx +++ b/pages/iam/reference-content/permission-sets.mdx @@ -71,6 +71,7 @@ Below is a list of the permission sets available at Scaleway. | ServerlessJobsReadOnly | List and read access to job definition/run | | ServerlessSQLDatabaseReadOnly| List and read access to Serverless SQL Database | | ServerlessSQLDatabaseReadWrite| List, read and write access to Serverless SQL Database. Includes data and table structure edition. Does not include permissions to create databases or edit settings | +| ServerlessSQLDatabaseDataReadWrite| Read, write, edit and delete data in Serverless SQL Database tables. Does not include data and table structure edition, creation of databases or settings edition | | ServerlessSQLDatabaseFullAccess| Full access to create, read, list, edit and delete Serverless SQL Database | | RelationalDatabasesReadOnly | List and read access to Managed Database for PostgreSQL and MySQL | | RelationalDatabasesFullAccess| Full access to create, read, list, edit and delete Managed Database for PostgreSQL and MySQL | diff --git a/pages/serverless-sql-databases/how-to/manage-permissions.mdx b/pages/serverless-sql-databases/how-to/manage-permissions.mdx index c0e16fb56a..09d5f06627 100644 --- a/pages/serverless-sql-databases/how-to/manage-permissions.mdx +++ b/pages/serverless-sql-databases/how-to/manage-permissions.mdx @@ -19,6 +19,7 @@ Permissions define the actions a user or an application can perform on a databas - A Scaleway account logged into the [console](https://console.scaleway.com) - [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization +- Created a [Serverless SQL Database](/serverless-sql-databases/how-to/create-a-database/) 1. Click **IAM & API keys** on the top-right drop-down menu of the Scaleway console. The **Users** tab of the [Identity and Access Management dashboard](https://console.scaleway.com/iam/users) displays. @@ -28,17 +29,17 @@ Permissions define the actions a user or an application can perform on a databas 4. Complete the steps on the first page of the creation wizard: - - Enter a **name** for the policy. + - Enter a **name** for the policy. - - Enter a **description** (optional). + - Enter a **description** (optional). - - Select a **principal**, who will be the target of your policy. The [principal](/iam/concepts/#principal) should be the user, application, or group you want to grant access to your database. + - Select a **principal**, who will be the target of your policy. The [principal](/iam/concepts/#principal) should be the user, application, or group you want to grant access to your database. - <Message type="important"> - - You can choose to create a policy without a principal for now, and attach the principal later. - - The policy will have no effect until a principal is attached. - - A policy can only be attached to one principal at a time. - </Message> + <Message type="important"> + - You can choose to create a policy without a principal for now and attach one later. + - The policy will have no effect until a principal is attached. + - A policy can only be attached to one principal at a time. + </Message> 5. Click **Add rules**. The second screen of the policy creation wizard. @@ -48,28 +49,37 @@ Permissions define the actions a user or an application can perform on a databas 8. Select **Databases** in the left-hand **Products** list, then, tick the permissions set you want to add to the policy: - - **ServerlessSQLDatabaseFullAccess** allows the user to create and delete databases, edit their configuration, and use the following commands: + - **ServerlessSQLDatabaseFullAccess** allows the user to create and delete databases, edit their configuration, and use the following commands: - - `SELECT` - - `UPDATE` - - `INSERT` - - `DELETE` - - `CREATE/ALTER/DROP TABLE` - - `CREATE/DROP INDEX` + - `SELECT` + - `UPDATE` + - `INSERT` + - `DELETE` + - `CREATE/ALTER/DROP TABLE` + - `CREATE/DROP INDEX` - - **ServerlessSQLDatabaseReadWrite** allows the user to use the following commands: + - **ServerlessSQLDatabaseReadWrite** allows the user to use the following commands: - - `SELECT` - - `UPDATE` - - `INSERT` - - `DELETE` - - `CREATE/ALTER/DROP TABLE` - - `CREATE/DROP INDEX` + - `SELECT` + - `UPDATE` + - `INSERT` + - `DELETE` + - `CREATE/ALTER/DROP TABLE` + - `CREATE/DROP INDEX` - - **ServerlessSQLDatabaseReadOnly** allows the user to use the following commands: + - **ServerlessSQLDatabaseReadOnly** allows the user to use the following commands: - - `SELECT` + - `SELECT` + + - **ServerlessSQLDatabaseDataReadWrite** allows the user to use the following commands: + + - `SELECT` + - `UPDATE` + - `INSERT` + - `DELETE` 9. Click **Validate**. The **scope** and the **permission sets** of your policy display. 10. Click **Create policy** to finish. + +The user or application now has the selected permissions, and can perform the corresponding actions on the Serverless SQL Database. diff --git a/pages/serverless-sql-databases/troubleshooting/connection-errors.mdx b/pages/serverless-sql-databases/troubleshooting/connection-errors.mdx index f851ab3965..d777f77a8a 100644 --- a/pages/serverless-sql-databases/troubleshooting/connection-errors.mdx +++ b/pages/serverless-sql-databases/troubleshooting/connection-errors.mdx @@ -47,11 +47,14 @@ The [IAM principal](/iam/concepts/#principal) (user or application) does not hav ### Solution -[Create a new IAM policy](/iam/how-to/create-policy/) or [update an existing one](/iam/how-to/manage-policies/#how-to-edit-a-policys-rules) to grant one of the following permissions sets to the user or application: +[Grant one of the following permissions sets](/serverless-sql-databases/how-to/manage-permissions/) to the user or application: - `ServerlessSQLDatabaseReadOnly` - `ServerlessSQLDatabaseReadWrite` + - `ServerlessSQLDatabaseDataReadWrite` - `ServerlessSQLDatabaseFullAccess` +Refer to the [dedicated documentation](/serverless-sql-databases/how-to/manage-permissions/) for more information on the SQL operations allowed by each permissions set. + ## ERROR: permission denied to create temporary tables/subscription in database ### Problem