Overview
PlanetScale allows you to create and manage passwords for each branch of your database. PlanetScale passwords can be created with one of four roles:
- Read-only — Can query rows
- Write-only — Can modify rows
- Read/Write — Can query and modify rows
- Admin — All read/write permissions and can modify schema*
* This does not apply to production branches, as we do not allow direct DDL on production branches, even if your password has the Admin role.
Create a password with custom role
- Go to your database settings page.
- Click "Passwords" > "New password".
- Give it a name, select the role from the dropdown, select the branch, and click "Generate password".
Once a password is created, its role cannot be changed.
The access level available to these roles is shown in the table below.
| Role name | Can create/edit schema | Can insert/update/delete rows | Can query rows |
|---|---|---|---|
| Read-only | ✖️ | ✖️ | ✔ |
| Write-only | ✖️ | ✔ | ✖️ |
| Read/write | ✖️ | ✔ | ✔ |
| Admin | ✔ | ✔ | ✔ |
Administrator. Passwords with custom roles must be created from your database settings page. Troubleshooting
The following errors indicate that you do not have the permissions needed to perform an action. You must create a new password with a more privileged role to proceed.
SELECT DENIED
Select command denied to user ‘planetscale-writer-only for table ‘customers’ (ACL check error) (CallerID: planetscale-writer-only)
INSERT DENIED
Insert command denied to user ‘planetscale-reader’ for table ‘customers’ (ACL check error) (CallerID: planetscale-reader)
DELETE DENIED
Delete command denied to user ‘planetscale-reader’ for table ‘customers’ (ACL check error) (CallerID: planetscale-reader)
DDL DENIED
DDL command denied to user ‘planetscale-writer' for table my-new-table’ (ACL check error) (CallerID: planetscale-writer)