docs: required permissions (#1061)

Author: sophia-bq

docs/using-the-python-driver/SupportForRDSMultiAzDBCluster.md

@@ -8,6 +8,12 @@ The process of using the AWS Advanced Python Driver with RDS Multi-AZ DB Cluster
 
 ### MySQL
 
+There are permissions that must be granted to all non-administrative users who need database access. Without proper access, these users cannot utilize many of the driver's advanced features, including failover support. To grant the necessary permissions to non-administrative users, execute the following statement:
+
+```sql
+GRANT SELECT ON mysql.rds_topology TO 'non-admin-username'@'%'
+```
+
 Preparing a connection with MySQL in a Multi-AZ Cluster remains the same as before:
 
 ```python
@@ -32,6 +38,12 @@ Per AWS documentation, the `rds_tools` extension must be manually installed usin
 CREATE EXTENSION rds_tools;
 ```
 
+The extension must be granted to all non-administrative users who need database access. Without access to `rds_tools`, non-admin users cannot utilize many of the driver's advanced features, including failover support. To grant the necessary permissions to non-administrative users, execute the following statement:
+
+```sql
+GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA rds_tools TO non-admin-username;
+```
+
 Then, prepare the connection with:
 
 ```python

docs/using-the-python-driver/using-plugins/UsingTheBlueGreenPlugin.md

@@ -23,6 +23,7 @@ The AWS Python Driver leverages the Blue/Green Deployment approach by intelligen
 > Additional Requirements:
 >
 > - AWS cluster and instance endpoints must be directly accessible from the client side
+> - :warning: If connecting with non-admin users, permissions must be granted to the users so that the blue/green metadata table/function can be properly queried. If the permissions are not granted, the metadata table/function will not be visible and blue/green plugin functionality will not work properly. Please see the [Connecting with non-admin users](#connecting-with-non-admin-users) section below.
 > - Connecting to database nodes using CNAME aliases is not supported
 >
 > **Blue/Green Support Behaviour and Version Compatibility:**
@@ -83,14 +84,26 @@ The plugin establishes dedicated monitoring connections to track Blue/Green Depl
 
 ```python
 props = Properties()
+// Configure the timeout values for all, non-monitoring connections.
 props["connect_timeout"] = 30
+// Configure different timeout values for the Blue/Green monitoring connections.
 props["blue-green-monitoring-connect_timeout"] = 10
 ```
 
 > [!WARNING]\
 > **Always ensure you provide a non-zero connect timeout value to the Blue/Green Deployment Plugin**
 >
 
+## Connecting with non-admin users
+> [!WARNING]\
+> If connecting with non-admin users, permissions must be granted to the users so that the blue/green metadata table/function can be properly queried. If the permissions are not granted, the metadata table/function will not be visible and blue/green plugin functionality will not work properly.
+
+| Environment       | Required permission statements                                                                                        |
+|-------------------|-----------------------------------------------------------------------------------------------------------------------|
+| Aurora Postgresql | None                                                                                                                  |
+| RDS Postgresql    | `GRANT USAGE ON SCHEMA rds_tools TO your_user;`<br>`GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA rds_tools TO your_user;` |
+| Aurora MySQL      | `GRANT SELECT ON mysql.rds_topology TO 'your_user'@'%';`<br>`FLUSH PRIVILEGES;`                                       |
+| RDS MySQL         | `GRANT SELECT ON mysql.rds_topology TO 'your_user'@'%';`<br>`FLUSH PRIVILEGES;`                                       |
 
 ## Plan your Blue/Green switchover in advance