Get started
Yandex Managed Service for SQL Server™

Method revokePermission

Revokes a permission from the specified SQL Server user.

HTTP request

POST https://mdb.api.cloud.yandex.net/mdb/sqlserver/v1alpha/clusters/{clusterId}/users/{userName}:revokePermission

Path parameters

Parameter Description
clusterId Required. ID of the SQL Server cluster the user belongs to. To get the cluster ID, use a list request. The maximum string length in characters is 50.
userName Required. Name of the user to revoke a permission from. To get the name of the user, use a list request. The maximum string length in characters is 63. Value must match the regular expression [a-zA-Z0-9_]*.

Body parameters

{
  "permission": {
    "databaseName": "string",
    "roles": [
      "string"
    ]
  }
}
Field Description
permission object

Required. Permission that should be revoked from the specified user.
permission.
databaseName		 string

Name of the database the permission grants access to.
permission.
roles[]		 string
  • DB_OWNER: Members of this fixed database role can perform all configuration and maintenance activities on the database, and can also drop the database in SQL Server.
  • DB_SECURITYADMIN: Members of this fixed database role can modify role membership for custom roles only and manage permissions. They can potentially elevate their privileges and their actions should be monitored.
  • DB_ACCESSADMIN: Members of this fixed database role can add or remove access to the database for Windows logins, Windows groups, and SQL Server logins.
  • DB_BACKUPOPERATOR: Members of this fixed database role can back up the database.
  • DB_DDLADMIN: Members of this fixed database role can run any Data Definition Language (DDL) command in a database.
  • DB_DATAWRITER: Members of this fixed database role can add, delete, or change data in all user tables.
  • DB_DATAREADER: Members of this fixed database role can read all data from all user tables.
  • DB_DENYDATAWRITER: Members of this fixed database role cannot add, modify, or delete any data in the user tables within a database. Denial has a higher priority than a grant, so you can use this role to quickly restrict one's privileges without explicitly revoking permissions or roles.
  • DB_DENYDATAREADER: Members of this fixed database role cannot read any data in the user tables within a database. Denial has a higher priority than a grant, so you can use this role to quickly restrict one's privileges without explicitly revoking permissions or roles.

Response

HTTP Code: 200 - OK

{
  "id": "string",
  "description": "string",
  "createdAt": "string",
  "createdBy": "string",
  "modifiedAt": "string",
  "done": true,
  "metadata": "object",

  //  includes only one of the fields `error`, `response`
  "error": {
    "code": "integer",
    "message": "string",
    "details": [
      "object"
    ]
  },
  "response": "object",
  // end of the list of possible fields

}

An Operation resource. For more information, see Operation.

Field Description
id string

ID of the operation.
description string

Description of the operation. 0-256 characters long.
createdAt string (date-time)

Creation timestamp.

String in RFC3339 text format.
createdBy string

ID of the user or service account who initiated the operation.
modifiedAt string (date-time)

The time when the Operation resource was last modified.

String in RFC3339 text format.
done boolean (boolean)

If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata object

Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
error object
The error result of the operation in case of failure or cancellation.
includes only one of the fields error, response

The error result of the operation in case of failure or cancellation.
error.
code		 integer (int32)

Error code. An enum value of google.rpc.Code.
error.
message		 string

An error message.
error.
details[]		 object

A list of messages that carry the error details.
response object
includes only one of the fields error, response

The normal response of the operation in case of success. If the original method returns no data on success, such as Delete, the response is google.protobuf.Empty. If the original method is the standard Create/Update, the response should be the target resource of the operation. Any method that returns a long-running operation should document the response type, if any.
In this article: