Create a database account in an ApsaraDB RDS for MySQL instance and grant privileges to the account - ApsaraDB for OceanBase

This topic describes how to create a normal account in an ApsaraDB RDS for MySQL instance and grant the minimum privileges to the account in different phases of data migration.

Background

An ApsaraDB RDS for MySQL instance supports two types of database accounts: privileged account and normal account. When you use the data transmission service to migrate data from an ApsaraDB RDS for MySQL instance, observe the following rules:

If you use a privileged account, it has read/write privileges on all databases by default.
Important
You can create only one privileged account in an ApsaraDB RDS for MySQL instance.
If you use a normal account, grant privileges to the account based on the descriptions in this topic.
The privileges of a normal account include the read-only, read/write, DDL-only, and DML-only privileges. For more information, see Account privileges.

In this example, a normal account is created for an ApsaraDB RDS for MySQL instance. Specify this account for the Username field when you create an ApsaraDB RDS for MySQL data source.

Create a normal account for an ApsaraDB RDS for MySQL instance

Go to the Accounts page.
1. Log on to the ApsaraDB RDS for MySQL console.
2. In the upper-left corner of the Instances page, select the region where the target instance is located. Then, click the ID of the instance.
3. On the instance details page, click Accounts in the left-side navigation pane.
On the Accounts page, click Create Account.

In the Create Account dialog box, configure the parameters.

Parameter	Description
Database Account	The username of the database account can contain letters, digits, and underscores (_). It must start with a letter and end with a letter or digit, and cannot exceed 32 characters in length.
Account Type	Select Normal Account.
Authorized Databases	Select one or more databases accessible to the account. In the Unauthorized Databases list on the left side, select one or more databases and click > to add them to the right-side list. In the Authorized Databases list on the right side, grant the read/write (DDL and DML), read-only, DDL-only, or DML-only privilege on each database to the account. You can click the button next to Set All to in the upper-right corner to grant the same privilege on multiple databases to the account.
New Password	The password must be 8 to 32 characters in length and contain any three of the four character types: uppercase letters, lowercase letters, digits, and special characters. Supported special characters are the following ones: ! @ # $ % ^ & * ( ) _ + - =.
Confirm Password	Enter the password again.
Remarks	Enter the description of the account. It must be 2 to 256 characters in length.

Click OK.

Grant privileges to a normal account in a source ApsaraDB RDS for MySQL instance

The following table lists the minimum privileges required for a normal account in an ApsaraDB RDS for MySQL instance in different phases of data migration. If you grant the read/write privilege to the source account in the reverse incremental migration phase, the privilege required by the source is subject to the data type of reverse incremental migration. For example, if the data type of reverse incremental migration is DDL, you must grant the DDL-only privilege to the source account. If the data type of reverse incremental migration is DML, you must grant the DML-only privilege to the source account.

In incremental synchronization, the data transmission service obtains and parses the logs generated after DML or DDL change operations are performed in the source, and writes the logs to the destination.
Note
If you have selected Incremental Synchronization when you configured the project, the account must have the read privilege on all tables in the source. Otherwise, the project may be interrupted.
In reverse incremental migration, the data transmission service obtains and parses the logs generated after DML or DDL change operations are performed in the destination, and writes the logs to the source.

Table type	Schema migration	Full migration	Incremental DML operation synchronization	Incremental DDL operation synchronization	Full verification	Reverse incremental migration
Table with a primary key or not-null unique key	Read-only	Read-only	Read-only	Read-only	Read-only	DDL-only (only DDL operations are synchronized) DML-only (only DML operations are synchronized) Read/Write (both DDL and DML operations are synchronized)
Table without a primary key or not-null unique key	Read-only	Read-only	Read-only	Read-only	Not supported	DDL-only (only DDL operations are synchronized) DML-only (only DML operations are synchronized) Read/Write (both DDL and DML operations are synchronized)

Grant privileges to a normal account in a destination ApsaraDB RDS for MySQL instance

Table type	Schema migration	Full migration	Incremental DML operation synchronization	Incremental DDL operation synchronization	Full verification	Reverse incremental migration
Table with a primary key or not-null unique key	Read-only	Read-only	Read-only	Read-only	Read-only	DDL-only (only DDL operations are synchronized) DML-only (only DML operations are synchronized) Read/Write (both DDL and DML operations are synchronized)
Table without a primary key or not-null unique key	When the destination is an ApsaraDB RDS for MySQL instance, the data transmission service does not support migrating or synchronizing a table without a primary key or not-null unique key.