How do I create a database and an account on an ApsaraDB RDS for MariaDB instance? - ApsaraDB RDS

This topic describes how to create a database and an account on an ApsaraDB RDS for MariaDB instance.

Account types

ApsaraDB RDS for MariaDB supports two types of accounts: privileged accounts and standard accounts. You can manage all accounts and databases of your RDS instance in the ApsaraDB RDS console.

Account type	Description
Privileged account	You can create and manage privileged accounts in the ApsaraDB RDS console or by using the ApsaraDB RDS API. Only one privileged account is allowed per RDS instance. A privileged account has the permissions to manage all the databases and standard accounts of the RDS instance on which the privileged account is created. A privileged account allows you to manage permissions at fine-grained levels based on your business requirements. For example, you can grant each standard account the permissions to query specific tables from the RDS instance on which the privileged account is created. A privileged account has the permissions on all databases of the RDS instance on which the privileged account is created. A privileged account has the permissions to disconnect all standard accounts of the RDS instance on which the privileged account is created.
Standard account	You can create and manage standard accounts by using the ApsaraDB RDS console, API operations, or SQL statements. More than one standard account can be created for each RDS instance. The maximum number of standard accounts that are allowed for an RDS instance varies based on the minor engine version of the RDS instance. You must grant the permissions on specific databases to standard accounts. You cannot use a standard account to create, manage, or log off other accounts from the RDS instance on which the standard account is created.

Create a privileged account

Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the instance ID.
In the left-side navigation pane, click Accounts.
Click Create Account.

Configure the following parameters.

Parameter	Description
Database Account	Enter a username for the account. The value must meet the following requirements: The username must start with a letter and end with a letter or a digit. It can contain lowercase letters, digits, or underscores (_). It must be 2 to 16 characters in length. Note If the username of the privileged account is the same as that of an existing standard account, the privileged account replaces the standard account.
Account Type	Select Privileged Account.
New Password	Enter a password for the account. The value must meet the following requirements: The password must be 8 to 32 characters in length. It must contain at least three types of the following characters: uppercase letters, lowercase letters, digits, and special characters. It can contain the following special characters: ! @ # $ % ^ & * ( ) _ + - =
Confirm Password	Enter the password for the account again.
Description	Enter a description that helps identify the account. The value can be up to 256 characters in length.

Click OK.

Reset the permissions of a privileged account

If the privileged account of your RDS instance encounters exceptions such as accidentally revoked permissions, you can perform the following steps to reset the permissions:

Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the instance ID.
In the left-side navigation pane, click Accounts.
Find the privileged account and click Reset Permissions in the Actions column.
In the dialog box that appears, specify a new password and click OK.

Create a standard account

Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the instance ID.
In the left-side navigation pane, click Accounts.
Click Create Account.

Configure the following parameters.

Parameter	Description
Database Account	Enter a username for the account. The value must meet the following requirements: The username must start with a letter and end with a letter or a digit. It can contain lowercase letters, digits, or underscores (_). It must be 2 to 16 characters in length.
Account Type	Select Standard Account.
Authorize Database	Specify the authorized databases of the account. You can specify one or more authorized databases. You can leave this parameter empty and grant the account the permissions on specific databases when you create the databases. For more information, see Create a database on an ApsaraDB RDS for MariaDB instance. Select one or more databases from the Unauthorized Databases section and click the > icon to add them to the Authorized Databases section. In the Authorized Databases section, select the Read/Write (DDL + DML), Read-only, DDL Only, or DML Only permissions for each authorized database. If you want to grant the same permissions on more than one database at a time, select the databases and configure the Set All to parameter in the upper-right corner of the Authorized Database section to grant related permissions on the selected authorized databases. For example, you can set the parameter to Read/Write (DDL + DML). Note The parameter settings in the upper-right corner change after you click them. For example, after you click Set All to Read/Write, the button changes to Set All to Read-only.
New Password	Enter a password for the account. The value must meet the following requirements: The password must be 8 to 32 characters in length. It must contain at least three types of the following characters: uppercase letters, lowercase letters, digits, and special characters. It can contain the following special characters: ! @ # $ % ^ & * ( ) _ + - =
Confirm Password	Enter the password for the account again.
Description	Enter a description that helps identify the account. This parameter is optional. Enter a description that helps identify the account. The value can be up to 256 characters in length.

Click OK.

Create a database

Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the instance ID.
In the left-side navigation pane, click Databases.
Click Create Database.

Configure the following parameters.

Parameter	Description
Database Name	The username must start with a letter and end with a letter or a digit. It can contain lowercase letters, digits, underscores (_), and hyphens (-). The name of the database. It must be 2 to 64 characters in length.
Supported Character Set	The character set of the database.
Authorized By	The account to which you want to grant the permissions on the database. You can leave this parameter empty. You can grant the permissions on a database to an account after the database is created. For more information, see Modify or reset account permissions. Note The Authorized By drop-down list displays only the standard accounts that are created on your RDS instance. The privileged account has all permissions on all databases and does not require authorization.
Account Type	Select the permissions that you want to grant to the selected accounts. You can select Read/Write, Read-only, DDL Only, or DML Only.
Description	Enter a description that helps identify the account. This parameter is optional. The description can be up to 256 characters in length.

Click Create.

Related operations

Operation	Description
CreateAccount	Creates an account on an instance.
CreateDatabase	Creates a database on an instance.