UpdateLedgerPermissionsMode - Amazon Quantum Ledger Database (Amazon QLDB)
Request SyntaxURI Request ParametersRequest BodyResponse SyntaxResponse ElementsErrorsSee Also

UpdateLedgerPermissionsMode

Updates the permissions mode of a ledger.

Important

Before you switch to the STANDARD permissions mode, you must first create all required IAM policies and table tags to avoid disruption to your users. To learn more, see Migrating to the standard permissions mode in the Amazon QLDB Developer Guide.

Request Syntax

PATCH /ledgers/name/permissions-mode HTTP/1.1
Content-type: application/json

{
   "PermissionsMode": "string"
}

URI Request Parameters

The request uses the following URI parameters.

name

The name of the ledger.

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: (?!^.*--)(?!^[0-9]+$)(?!^-)(?!.*-$)^[A-Za-z0-9-]+$

Required: Yes

Request Body

The request accepts the following data in JSON format.

PermissionsMode

The permissions mode to assign to the ledger. This parameter can have one of the following values:

  • ALLOW_ALL: A legacy permissions mode that enables access control with API-level granularity for ledgers.

    This mode allows users who have the SendCommand API permission for this ledger to run all PartiQL commands (hence, ALLOW_ALL) on any tables in the specified ledger. This mode disregards any table-level or command-level IAM permissions policies that you create for the ledger.

  • STANDARD: (Recommended) A permissions mode that enables access control with finer granularity for ledgers, tables, and PartiQL commands.

    By default, this mode denies all user requests to run any PartiQL commands on any tables in this ledger. To allow PartiQL commands to run, you must create IAM permissions policies for specific table resources and PartiQL actions, in addition to the SendCommand API permission for the ledger. For information, see Getting started with the standard permissions mode in the Amazon QLDB Developer Guide.

Note

We strongly recommend using the STANDARD permissions mode to maximize the security of your ledger data.

Type: String

Valid Values: ALLOW_ALL | STANDARD

Required: Yes

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "Arn": "string",
   "Name": "string",
   "PermissionsMode": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Arn

The Amazon Resource Name (ARN) for the ledger.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 1600.

Name

The name of the ledger.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: (?!^.*--)(?!^[0-9]+$)(?!^-)(?!.*-$)^[A-Za-z0-9-]+$

PermissionsMode

The current permissions mode of the ledger.

Type: String

Valid Values: ALLOW_ALL | STANDARD

Errors

For information about the errors that are common to all actions, see Common Errors.

InvalidParameterException

One or more parameters in the request aren't valid.

HTTP Status Code: 400

ResourceNotFoundException

The specified resource doesn't exist.

HTTP Status Code: 404

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: