All Products
Search

This Product

    PolarDB:Manage database accounts

    Document Center

    PolarDB:Manage database accounts

    Last Updated:Jul 20, 2023

    PolarDB-X instances support two types of accounts: privileged account and standard account. This topic describes how to manage database accounts.

    Account types

    The following table describes the types of database accounts that are supported by PolarDB-X instances.
    Account typeDescription
    Privileged account
    • You can create and manage privileged accounts by using the PolarDB-X console or API operations.
    • You can create only one privileged account for each instance. The privileged account can be used to manage all standard accounts and databases in the instance.
    • The privileged account is granted more permissions than a standard account. You can use the privileged account to perform fine-grained permission management based on your business requirements. For example, you can use the privileged account to grant different RAM users permissions to access different tables.
    • The privileged account is granted full permissions on all databases in the instance and can be used to close connections that are established by using standard accounts.
    Standard account
    • You can create and manage standard accounts by using the PolarDB-X console, calling API operations, or executing SQL statements.
    • You can create one or more standard accounts for each instance. The maximum number of standard accounts that can be created is determined by the kernel engine of the instance.
    • You must grant standard accounts the required permissions on specific databases.
    • You cannot use a standard account to create or manage other accounts, or close connections that are established by using other accounts.
    Note
    • After an account is created, the type of the account cannot be changed. If you want to change the type of the account, delete the account and then use the same username of the account to create an account of the other type.
    • You can create RAM users within your Alibaba Cloud account and grant the permissions on specific instances to the RAM users. For more information, see Create a RAM user.
    The following sections describe the operations that you can perform on database accounts in the console.

    Precautions

    • You can create only one privileged account for each PolarDB-X instance.
    • You cannot delete the privileged account after it is created.

    Create an account

    1. Log on to the PolarDB for Xscale console.
    2. In the top navigation bar, select the region where the target instance is located.
    3. On the Instances page, click the PolarDB-X 2.0 tab.
    4. Find the target instance and click its ID.
    5. In the left-side navigation pane, choose ConfigurationManagement > Account Management.
    6. Click Create an account. In the panel that appears, configure the parameters.
      ParameterDescription
      Account nameThe username of the account.
      Note The username must meet the following requirements:
      • The username can be up to 16 characters in length and can contain lowercase letters, digits, and underscores (_).
      • The username must start with a lowercase letter and end with a lowercase letter or a digit.
      • The username must be unique and cannot be the same as the username of an existing account.
      Account typesThe type of the account. You can specify the account to be a privileged account or standard account.
      Authorization databaseThe databases that can be accessed by using the credential of the account. You can specify one or more databases.
      1. Select one or more databases and click the 456789 icon to move the selected databases from the Unauthorized database section on the left side to the Authorized database section on the right side.
      2. In the Authorized database section, select the database permissions that you want to grant to the account.
      Note
      • This parameter is available only when you create a standard account.
      • This parameter is optional. You can grant permissions to the account after the account is created.
      • Supported permissions: Read and Write, Read Only, DML Only, and DDL Only.
      • If you want to grant the same permissions on all selected databases, click the permission name such as All Read and Write next to Authorized database.
      PasswordThe password of the account.
      Note The password must meet the following requirements:
      • The password must be 8 to 20 characters in length.
      • The password must contain at least three types of the following characters: uppercase letters, lowercase letters, digits, and special characters.
      • Special characters include @ # $ % ^ & + =
      Confirm passwordEnter the same password to confirm the password.
      DescrOptional. The description of the account. The description can help you identify the account. The description can be up to 256 characters in length.
    7. Click OK.

    Reset the password of a database account

    1. Log on to the PolarDB for Xscale console.
    2. In the top navigation bar, select the region where the target instance is located.
    3. On the Instances page, click the PolarDB-X 2.0 tab.
    4. Find the target instance and click its ID.
    5. In the left-side navigation pane, choose ConfigurationManagement > Account Management.
    6. On the Account Management page, find the account for which you want to reset the password and click modifyPassword in the Operation column.
    7. In the dialog box that appears, enter and confirm the new password, and then click OK.
      Note The password must meet the following requirements:
      • The password must be 8 to 20 characters in length.
      • The password must contain at least three types of the following characters: uppercase letters, lowercase letters, digits, and special characters.
      • Supported special characters: @#$%^&+=

    Modify permissions for a standard account

    1. Log on to the PolarDB for Xscale console.
    2. In the top navigation bar, select the region where the target instance is located.
    3. On the Instances page, click the PolarDB-X 2.0 tab.
    4. Find the target instance and click its ID.
    5. In the left-side navigation pane, choose ConfigurationManagement > Account Management.
    6. On the Account Management page that appears, find the account for which you want to modify permissions and click Modify Permit in the Operation column.
      Note The privileged account of an instance is granted full permissions on all databases in the instance. You do not need to modify permissions for the privileged account.
    7. In the panel that appears, select one or more databases in the Unauthorized database section and click the 456789 icon to move the selected databases to the Authorized database section.
    8. In the Authorized database section, select the database permissions that you want to grant to the account.
      Note
      • Supported permissions: Read and Write, Read Only, DML Only, and DDL Only.
      • If you want to grant the same permissions on multiple selected databases, click the permission name such as All DDL Only next to Authorized database.
    9. Click OK.

    Delete an account

    Warning If you delete an account, clients that use the account fail to connect to the database. Proceed with caution.
    1. Log on to the PolarDB for Xscale console.
    2. In the top navigation bar, select the region where the target instance is located.
    3. On the Instances page, click the PolarDB-X 2.0 tab.
    4. Find the target instance and click its ID.
    5. In the left-side navigation pane, choose ConfigurationManagement > Account Management.
    6. On the Account Management page, find the account that you want to delete and click Delete in the Operation column.
    7. In the message that appears, click OK.