user_grants
Creates, updates, deletes, gets or lists a user_grants resource.
Overview
| Name | user_grants |
| Type | Resource |
| Id | linode.account.user_grants |
Fields
The following fields are returned by SELECT queries:
- get_user_grants
The User's grants.
| Name | Datatype | Description |
|---|---|---|
database | array | The grants this user has for individual Managed Databases on this account. |
domain | array | The grants this user has for individual domains on this account. |
firewall | array | The grants this user has for individual firewalls on this account. |
global | object | The grants the user has to all resources on your account. |
image | array | The grants this user has for individual images on this account. |
linode | array | The grants this user has for individual Linodes on this account. |
longview | array | The grants this user has for individual Longview Clients on this account. |
nodebalancer | array | The grants this user has for individual NodeBalancers on this account. |
stackscript | array | The grants this User has for individual StackScripts on this account. |
volume | array | The grants this user has individual Block Storage Volumes on this account. |
vpc | array | The grants this user has individual Virtual Private Clouds (VPCs) on this account. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get_user_grants | select | Returns the full grants structure for an account username you specify. This includes all entities on the account, and the level of access this user has to each of them. This doesn't apply to the account owner or the current authenticated user. You can run the List grants operation to view those grants. However, this doesn't show the entities that they don't have access to. > 📘 > > This operation can only be accessed by account users with unrestricted access. OAuth scopes. <br /> account:read_only<br /> Learn more... | ||
put_user_grants | replace | Update the grants for a restricted user. This can be used to give a user access to new entities or actions, or take access away. Omit a grant object from the request to keep its current setting. > 📘 > > - This operation can only be accessed by account users with unrestricted access. > > - This operation only applies to restricted users. An unrestricted user has access to everything and doesn't use grants. Parent and child accounts In a parent and child account environment, the following apply: - No child account user can modify the account_access grant for the child account parent user (proxy user).- An unrestricted child account user can configure all other grants for the proxy user, with the global object.- An unrestricted child account user can enable the account_access grant for other child account users. However, enabled child users are still subject to child user restrictions--they can't perform write operations for any billing or account information. OAuth scopes.<br /> account:read_write<br /> Learn more... |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|
SELECT examples
- get_user_grants
Returns the full grants structure for an account username you specify. This includes all entities on the account, and the level of access this user has to each of them.
This doesn't apply to the account owner or the current authenticated user. You can run the List grants operation to view those grants. However, this doesn't show the entities that they don't have access to.
> 📘
>
> This operation can only be accessed by account users with unrestricted access. OAuth scopes.
<br /> account:read_only<br />
Learn more...
SELECT
database,
domain,
firewall,
global,
image,
linode,
longview,
nodebalancer,
stackscript,
volume,
vpc
FROM linode.account.user_grants;
REPLACE examples
- put_user_grants
Update the grants for a restricted user. This can be used to give a user access to new entities or actions, or take access away. Omit a grant object from the request to keep its current setting.
> 📘
>
> - This operation can only be accessed by account users with unrestricted access.
>
> - This operation only applies to restricted users. An unrestricted user has access to everything and doesn't use grants.
Parent and child accounts
In a parent and child account environment, the following apply:
- No child account user can modify the account_access grant for the child account parent user (proxy user).
- An unrestricted child account user can configure all other grants for the proxy user, with the global object.
- An unrestricted child account user can enable the account_access grant for other child account users. However, enabled child users are still subject to child user restrictions--they can't perform write operations for any billing or account information. OAuth scopes.
<br /> account:read_write<br />
Learn more...
REPLACE linode.account.user_grants
SET
data__database = '{{ database }}',
data__domain = '{{ domain }}',
data__firewall = '{{ firewall }}',
data__global = '{{ global }}',
data__image = '{{ image }}',
data__linode = '{{ linode }}',
data__longview = '{{ longview }}',
data__nodebalancer = '{{ nodebalancer }}',
data__stackscript = '{{ stackscript }}',
data__volume = '{{ volume }}',
data__vpc = '{{ vpc }}'
WHERE
RETURNING
database,
domain,
firewall,
global,
image,
linode,
longview,
nodebalancer,
stackscript,
volume,
vpc;