Password roles

April 5, 2023

Overview

PlanetScale allows you to create and manage passwords for each branch of your database. PlanetScale passwords can be created with one of four roles:

• Read-only — Can query rows
• Write-only — Can modify rows
• Read/Write — Can query and modify rows
• Admin — All read/write permissions and can modify schema*

* This does not apply to production branches with safe migrations enabled, as we do not allow direct DDL on those branches, even if your password has the Admin role.

Create a password with custom role

1. Go to your database settings page.
2. Click "Passwords" > "New password".
3. Give it a name, select the role from the dropdown, select the branch, and click "Generate password".

Once a password is created, its role cannot be changed.

The access level available to these roles is shown in the table below.

Troubleshooting

The following errors indicate that you do not have the permissions needed to perform an action. You must create a new password with a more privileged role to proceed.

SELECT DENIED

Select command denied to user ‘planetscale-writer-only for table ‘customers’ (ACL check error) (CallerID: planetscale-writer-only)

INSERT DENIED

Insert command denied to user ‘planetscale-reader’ for table ‘customers’ (ACL check error) (CallerID: planetscale-reader)

DELETE DENIED

Delete command denied to user ‘planetscale-reader’ for table ‘customers’ (ACL check error) (CallerID: planetscale-reader)

DDL DENIED

DDL command denied to user ‘planetscale-writer' for table my-new-table’ (ACL check error) (CallerID: planetscale-writer)

Need help?

Get help from the PlanetScale Support team, or join our GitHub discussion board to see how others are using PlanetScale.