Overview

PlanetScale passwords can be created with one of four roles:
  • Read-only — Can query rows
  • Write-only — Can modify rows
  • Read/Write — Can query and modify rows
  • Admin — All read/write permissions and can modify schema*
* This does not apply to production branches with safe migrations enabled, as we do not allow direct DDL on those branches, even if your password has the Admin role.

Create a password with custom role

1

Go to your database settings page.
2

Click “Passwords” > “New password”.
3

Give it a name, select the role from the dropdown, select the branch, and click “Generate password”.
PlanetScale password roles priority
Once a password is created, its role cannot be changed. The access level available to these roles is shown in the table below.
Role nameCan create/edit schemaCan insert/update/delete rowsCan query rows
Read-only
Write-only
Read/write
Admin
NoteThe default role for all passwords created by the Connect button is Administrator. Passwords with custom roles must be created from your database settings page.

Troubleshooting

The following errors indicate that you do not have the permissions needed to perform an action. You must create a new password with a more privileged role to proceed. SELECT DENIED Select command denied to user ‘planetscale-writer-only for table ‘customers’ (ACL check error) (CallerID: planetscale-writer-only) INSERT DENIED Insert command denied to user ‘planetscale-reader’ for table ‘customers’ (ACL check error) (CallerID: planetscale-reader) DELETE DENIED Delete command denied to user ‘planetscale-reader’ for table ‘customers’ (ACL check error) (CallerID: planetscale-reader) DDL DENIED DDL command denied to user ‘planetscale-writer' for table my-new-table’ (ACL check error) (CallerID: planetscale-writer)
NoteIf your pscale CLI version is less than 0.94.0, please upgrade your installation by following this document

Need help?

Get help from the PlanetScale Support team, or join our GitHub discussion board to see how others are using PlanetScale.