PlanetScale allows you to create and manage passwords for each branch of your database. PlanetScale passwords can be created with one of four roles:
- Read-only — Can query rows
- Write-only — Can modify rows
- Read/Write — Can query and modify rows
- Admin — All read/write permissions and can modify schema*
* This does not apply to production branches, as we do not allow direct DDL on production branches, even if your password has the
- Go to your database settings page.
- Click "Passwords" > "New password".
- Give it a name, select the role from the dropdown, select the branch, and click "Generate password".
Once a password is created, its role cannot be changed.
The access level available to these roles is shown in the table below.
|Role name||Can create/edit schema||Can insert/update/delete rows||Can query rows|
The default role for all passwords created by the Connect button is
Administrator. Passwords with custom roles must be created from your database settings page.
The following errors indicate that you do not have the permissions needed to perform an action. You must create a new password with a more privileged role to proceed.
Select command denied to user ‘planetscale-writer-only for table ‘customers’ (ACL check error) (CallerID: planetscale-writer-only)
Insert command denied to user ‘planetscale-reader’ for table ‘customers’ (ACL check error) (CallerID: planetscale-reader)
Delete command denied to user ‘planetscale-reader’ for table ‘customers’ (ACL check error) (CallerID: planetscale-reader)
DDL command denied to user ‘planetscale-writer' for table my-new-table’ (ACL check error) (CallerID: planetscale-writer)
If your pscale CLI version is less than 0.94.0, please upgrade your installation by following this document