how to create a database user - ApsaraDB for OceanBase - Alibaba Cloud Documentation Center

Before you use the data transmission service for data migration or synchronization, you must first create a dedicated database user for the data migration or synchronization task in the source and destination data sources.

OceanBase data source

Create an OceanBase Database user

In this example, an OceanBase Database user is created. Specify this user for the Database Username field when you create an OceanBase data source with the Instance Type field set to Self-Managed Database in VPC. For information about how to create a database user for an OceanBase cluster instance and grant privileges to the database user, see Create a regular account in an OceanBase cluster instance and grant privileges to the account.

Log on to the ApsaraDB for OceanBase console as the system administrator.
Create a user for data migration or synchronization in the source business tenant.
- MySQL tenant of OceanBase Database
```
CREATE USER '<user_name>' IDENTIFIED BY '<password>';
```
- Oracle tenant of OceanBase Database
```
CREATE USER '<user_name>' IDENTIFIED BY <password>;
```
Use the GRANT statement to grant privileges to the created database user. For more information, see User privileges.

Create a DRC user

If you need to read incremental log data and database object schemas from OceanBase Database, you need to create a data replication center (DRC) user in the sys tenant of the source.

In this example, a DRC user is created. Specify this user for the Username field in the Advanced Options section when you create an OceanBase data source.

CREATE USER <drc_user> IDENTIFIED BY '<drc_password>';
GRANT SELECT ON <db_name>.* TO <drc_user>;

Create the __oceanbase_inner_drc_user user

If you need to migrate a table without a primary key, you need to create a user and grant required privileges to the user based on the actual situation before you execute the data migration project.

If the source is a MySQL tenant of OceanBase Database, you need to create the __oceanbase_inner_drc_user user in the source business tenant.
In this example, the __oceanbase_inner_drc_user user is created. Specify the password of this user for the __oceanbase_inner_drc_user Password field when you create an OceanBase data source with the Tenant Type field set to MySQL.
- Create the user
```
CREATE USER __oceanbase_inner_drc_user IDENTIFIED BY '<password>';
```
- Grant privileges
```
GRANT SELECT ON *.* TO __oceanbase_inner_drc_user;
```

If the source is an Oracle tenant of OceanBase Database, you need to create the __OCEANBASE_INNER_DRC_USER user in the source business tenant.

In this example, the __OCEANBASE_INNER_DRC_USER user is created. Specify the password of this user for the __OCEANBASE_INNER_DRC_USER Password field when you create an OceanBase data source with the Tenant Type field set to Oracle.

Create the user

CREATE USER '__OCEANBASE_INNER_DRC_USER' IDENTIFIED BY <your_password>;

Grant privileges

OceanBase Database version

Statement for granting privileges

Versions earlier than V2.2.77

GRANT CREATE SESSION TO '__OCEANBASE_INNER_DRC_USER';
GRANT SELECT ON *.* TO '__OCEANBASE_INNER_DRC_USER';

V2.2.77 and later versions

GRANT CREATE SESSION TO '__OCEANBASE_INNER_DRC_USER';
GRANT SELECT ANY DICTIONARY TO '__OCEANBASE_INNER_DRC_USER';

You can grant the SELECT privilege on database tables to be migrated in either of the following ways:

// Grant system privileges.
GRANT SELECT ANY TABLE TO '__OCEANBASE_INNER_DRC_USER';
// Grant privileges on specific database table objects.
GRANT SELECT ON <schema>.<table> TO '__OCEANBASE_INNER_DRC_USER';

MySQL data source

In this example, a MySQL database user is created. Specify this user for the Database Username field when you create a MySQL data source. For more information about how to create a database user and grant privileges for different types of instances, see MySQL data source.

Log on to the MySQL database.

Use the CREATE USER statement to create a user.

CREATE USER '<user_name>'@'<host_name>' IDENTIFIED BY '<user_password>';

Parameter	Description
user_name	The name of the user to be created.
host_name	The host from which the user logs on to the database. To allow the user to log on to the database from any host, use a percent sign (%).
user_password	The password of the user.

For example, to create a user named test, allow the user to log on to the MySQL database from any host, and set the logon password to password, execute the following statement:

CREATE USER 'test'@'%' IDENTIFIED BY 'password';

Use the GRANT statement to grant privileges to the created database user. For more information, see User privileges.

Oracle data source

In this example, an Oracle database user is created. Specify this user for the Database Username field when you create an Oracle data source.

Log on to the Oracle database.

Use the CREATE USER statement to create a user.

CREATE USER <user_name> IDENTIFIED BY "<password>";

Use the GRANT statement to grant privileges to the created database user. For more information, see User privileges.

TiDB database user

In this example, a TiDB database user is created. Specify this user for the Database Username field when you create a TiDB data source.

Log on to the TiDB database.

Create a user in the TiDB database for data migration or synchronization.

CREATE USER '<user_name>'@'<host_name>' IDENTIFIED BY '<user_password>';

Parameter	Description
user_name	The name of the user to be created.
host_name	The host from which the user logs on to the database. To allow the user to log on to the database from any host, use a percent sign (%).
user_password	The password of the user.

Use the GRANT statement to grant privileges to the created database user. For more information, see User privileges.