This topic describes how to create a standard account for an AnalyticDB for MySQL (ADB) database and the minimum privileges required for the account.
Background
An ADB instance supports two types of database accounts: privileged account and standard account. When you use the data transmission service to migrate or synchronize data from an ADB cluster instance, observe the following rules:
If you use a privileged account, it has read/write privileges on all databases by default.
ImportantYou can create only one privileged account in an ADB instance.
If you use a standard account, grant privileges to the account based on the descriptions in this topic.
ADB allows you to grant different privileges by granularity for privilege control. For more information, see Database privilege model.
When you create an ADB data source, specify the account created for the ADB cluster instance here in the Username field.
Create a standard account for an ADB cluster instance
Go to the Accounts page.
Log in to the ADB console.
In the left-side navigation pane, click Clusters.
In the upper-left corner of the Clusters page, select the region of the target cluster and click the cluster ID.
On the details page of the cluster, click Accounts in the left-side navigation pane.
On the Accounts page, click Create Account in the upper-right corner.
In the Create Account dialog box, configure the parameters.
Parameter
Description
Database Account
The username of the account can contain lowercase letters, digits, and underscores (_). It must start with a lowercase letter and end with a lowercase letter or digit. It can contain 2 to 64 characters in length.
Account Type
Select Standard Account.
NoteYou can create at most 256 standard accounts in an ADB cluster instance. You must manually grant privileges on the specified database to the standard accounts.
New Password
The password must be 8 to 32 characters in length and contain any three of the following four types of characters: uppercase letters, lowercase letters, digits, and special characters. Supported special characters are ! @ # $ % ^ & * ( ) _ + - =.
Confirm Password
Enter the password again.
Description
Enter the description of the account. It can contain 0 to 256 characters in length.
Click OK.
Grant privileges to a standard account in a source ADB cluster instance
When you use a standard account to migrate data from an ADB cluster instance, the account must have at least the privilege to query data tables in the ADB cluster instance. This topic describes how to grant the minimum privileges. You can grant privileges based on your business needs.
Go to the Accounts page.
In the Actions column of the target account, choose Permissions > Edit Permissions.
In the dialog box that appears, grant privileges to the account.
Select Data Table from the Permission Level drop-down list.
In the Permission Configuration section, select Search.
Click > to add the selected privilege to the list on the right.
Click OK.
Grant privileges to a standard account in a target ADB cluster instance
When you use a standard account to synchronize data to an ADB cluster instance, the account must have the global create, query, delete, and change privileges.
Go to the Accounts page.
In the Actions column of the target account, choose Permissions > Edit Permissions.
In the dialog box that appears, grant privileges to the account.
Select Global from the Permission Level drop-down list.
In the Permission Configuration section, select Create, Search, Delete, and Change, or select ALL.
Click > to add the selected privileges to the list on the right.
Click OK.