
fix(sdb): add missing permissions set MTA-6105 #5069


Merged
merged 4 commits into from
Jun 11, 2025
1 change: 1 addition & 0 deletions pages/iam/reference-content/permission-sets.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ Below is a list of the permission sets available at Scaleway.
| ServerlessJobsReadOnly | List and read access to job definition/run |
| ServerlessSQLDatabaseReadOnly| List and read access to Serverless SQL Database |
| ServerlessSQLDatabaseReadWrite| List, read and write access to Serverless SQL Database. Includes data and table structure edition. Does not include permissions to create databases or edit settings |
| ServerlessSQLDatabaseDataReadWrite| Read, write, edit and delete data in Serverless SQL Database tables. Does not include data and table structure edition, creation of databases or settings edition |
| ServerlessSQLDatabaseFullAccess| Full access to create, read, list, edit and delete Serverless SQL Database |
| RelationalDatabasesReadOnly | List and read access to Managed Database for PostgreSQL and MySQL |
| RelationalDatabasesFullAccess| Full access to create, read, list, edit and delete Managed Database for PostgreSQL and MySQL |
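Review bot: In the new `ServerlessSQLDatabaseDataReadWrite` row, "Does not include data and table structure edition" can be read as excluding data edits, which contradicts "Read, write, edit and delete data" at the start of the same cell. This row is what readers will use to choose the narrower set, so the boundary should be unambiguous, for example "Does not include changes to table structure, creation of databases or changes to settings". The `ServerlessSQLDatabaseReadWrite` row just above uses the same "data and table structure edition" phrase and could be aligned in the same pass.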
58 changes: 34 additions & 24 deletions pages/serverless-sql-databases/how-to/manage-permissions.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ Permissions define the actions a user or an application can perform on a databas

- A Scaleway account logged into the [console](https://console.scaleway.com)
- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization
- Created a [Serverless SQL Database](/serverless-sql-databases/how-to/create-a-database/)

1. Click **IAM & API keys** on the top-right drop-down menu of the Scaleway console. The **Users** tab of the [Identity and Access Management dashboard](https://console.scaleway.com/iam/users) displays.
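Review bot: The added requirement "Created a [Serverless SQL Database]" does not match the two items above it, which are noun phrases ("A Scaleway account ...", "[Owner] status or [IAM permissions] ..."). Suggest "A [Serverless SQL Database](/serverless-sql-databases/how-to/create-a-database/)" so the list reads consistently.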

Expand All @@ -28,17 +29,17 @@ Permissions define the actions a user or an application can perform on a databas

4. Complete the steps on the first page of the creation wizard:

- Enter a **name** for the policy.
- Enter a **name** for the policy.

- Enter a **description** (optional).
- Enter a **description** (optional).

- Select a **principal**, who will be the target of your policy. The [principal](/iam/concepts/#principal) should be the user, application, or group you want to grant access to your database.
- Select a **principal**, who will be the target of your policy. The [principal](/iam/concepts/#principal) should be the user, application, or group you want to grant access to your database.

<Message type="important">
- You can choose to create a policy without a principal for now, and attach the principal later.
- The policy will have no effect until a principal is attached.
- A policy can only be attached to one principal at a time.
</Message>
<Message type="important">
- You can choose to create a policy without a principal for now and attach one later.
- The policy will have no effect until a principal is attached.
- A policy can only be attached to one principal at a time.
</Message>

5. Click **Add rules**. The second screen of the policy creation wizard.
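Review bot: Step 5, directly after the re-indented `<Message>` block, still ends on a fragment: "The second screen of the policy creation wizard." has no verb. Since this hunk already rewords the message above it, consider fixing the step here as well, for example "The second screen of the policy creation wizard displays.", which matches the phrasing of steps 1 and 9.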

Expand All @@ -48,28 +49,37 @@ Permissions define the actions a user or an application can perform on a databas

8. Select **Databases** in the left-hand **Products** list, then, tick the permissions set you want to add to the policy:

- **ServerlessSQLDatabaseFullAccess** allows the user to create and delete databases, edit their configuration, and use the following commands:
- **ServerlessSQLDatabaseFullAccess** allows the user to create and delete databases, edit their configuration, and use the following commands:

- `SELECT`
- `UPDATE`
- `INSERT`
- `DELETE`
- `CREATE/ALTER/DROP TABLE`
- `CREATE/DROP INDEX`
- `SELECT`
- `UPDATE`
- `INSERT`
- `DELETE`
- `CREATE/ALTER/DROP TABLE`
- `CREATE/DROP INDEX`

- **ServerlessSQLDatabaseReadWrite** allows the user to use the following commands:
- **ServerlessSQLDatabaseReadWrite** allows the user to use the following commands:

- `SELECT`
- `UPDATE`
- `INSERT`
- `DELETE`
- `CREATE/ALTER/DROP TABLE`
- `CREATE/DROP INDEX`
- `SELECT`
- `UPDATE`
- `INSERT`
- `DELETE`
- `CREATE/ALTER/DROP TABLE`
- `CREATE/DROP INDEX`

- **ServerlessSQLDatabaseReadOnly** allows the user to use the following commands:
- **ServerlessSQLDatabaseReadOnly** allows the user to use the following commands:

- `SELECT`
- `SELECT`

- **ServerlessSQLDatabaseDataReadWrite** allows the user to use the following commands:

- `SELECT`
- `UPDATE`
- `INSERT`
- `DELETE`

9. Click **Validate**. The **scope** and the **permission sets** of your policy display.

10. Click **Create policy** to finish.

The user or application now has the selected permissions, and can perform the corresponding actions on the Serverless SQL Database.
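Review bot: In step 8 the command lists for `ServerlessSQLDatabaseFullAccess` and `ServerlessSQLDatabaseReadWrite` are identical, and the new `ServerlessSQLDatabaseDataReadWrite` entry is appended after `ServerlessSQLDatabaseReadOnly`, so a reader skimming the list does not see that it is the set without `CREATE/ALTER/DROP TABLE` and `CREATE/DROP INDEX`. Suggest ordering the four entries by scope (ReadOnly, DataReadWrite, ReadWrite, FullAccess) and adding one sentence to the DataReadWrite entry saying that it excludes the table and index commands, so that a principal that only needs to read and write rows is given it rather than ReadWrite.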
Member

Suggested change
The user or application now has the selected permissions, and can perform the corresponding actions on the Serverless SQL Database.
The user or application now has the selected permissions and can perform the corresponding actions on the Serverless SQL Database.

Original file line number Diff line number Diff line change
Expand Up @@ -47,11 +47,14 @@ The [IAM principal](/iam/concepts/#principal) (user or application) does not hav

### Solution

[Create a new IAM policy](/iam/how-to/create-policy/) or [update an existing one](/iam/how-to/manage-policies/#how-to-edit-a-policys-rules) to grant one of the following permissions sets to the user or application:
[Grant one of the following permissions sets](/serverless-sql-databases/how-to/manage-permissions/) to the user or application:
- `ServerlessSQLDatabaseReadOnly`
- `ServerlessSQLDatabaseReadWrite`
- `ServerlessSQLDatabaseDataReadWrite`
- `ServerlessSQLDatabaseFullAccess`

Refer to the [dedicated documentation](/serverless-sql-databases/how-to/manage-permissions/) for more information on the SQL operations allowed by each permissions set.

## ERROR: permission denied to create temporary tables/subscription in database

### Problem
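Review bot: The new Solution text links to `/serverless-sql-databases/how-to/manage-permissions/` twice, once on "Grant one of the following permissions sets" and again on "dedicated documentation" after the list; one of the two links can go. The list also puts `ServerlessSQLDatabaseDataReadWrite` after `ServerlessSQLDatabaseReadWrite` although it allows fewer commands according to the how-to page changed in this PR. Listing the sets from narrowest to broadest would help a reader fixing a permission error pick the smallest set that covers the failing statement.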