All Products
Search

This Product

    ApsaraDB RDS:Create an account

    Document Center

    ApsaraDB RDS:Create an account

    Last Updated:Sep 26, 2023

    This topic describes how to create an account that is used to manage the databases of an ApsaraDB RDS for MariaDB instance.

    Account types

    ApsaraDB RDS for MariaDB supports two types of accounts: privileged accounts and standard accounts. You can manage all accounts and databases of your RDS instance in the ApsaraDB RDS console.

    Account type

    Description

    Privileged account

    • You can create and manage privileged accounts in the ApsaraDB RDS console or by using the ApsaraDB RDS API.

    • Only one privileged account can be created for each RDS instance. A privileged account has the permissions to manage all databases and standard accounts of the RDS instance on which the privileged account is created.

    • A privileged account allows you to manage permissions at fine-grained levels based on your business requirements. For example, you can grant each standard account the permissions to query specific tables from the RDS instance on which the privileged account is created.

    • A privileged account has the permissions on all databases of the RDS instance on which the privileged account is created.

    • A privileged account has the permissions to disconnect any standard account of the RDS instance on which the privileged account is created.

    • If the username of the privileged account is the same as that of an existing standard account, the privileged account replaces the standard account.

    Standard account

    • You can create and manage standard accounts by using the ApsaraDB RDS console, API operations, or SQL statements.

    • More than one standard account can be created for each RDS instance. The maximum number of standard accounts that are allowed for an RDS instance varies based on the minor engine version of the RDS instance.

    • You must grant the permissions on specific databases to standard accounts.

    • You cannot use a standard account to create, manage, or log off other accounts from the RDS instance on which the standard account is created.

    Create a privileged account

    1. Log on to the ApsaraDB RDS console.

    2. In the left-side navigation pane, click Instances. In the top navigation bar, select the region of your RDS instance.

    3. Find the RDS instance and click its ID.

    4. In the left-side navigation pane, click Accounts.

    5. Click Create Account.

    6. Configure the following parameters.

      Parameter

      Description

      Database Account

      Enter a username for the account. The username must meet the following requirements:

      • The username must be 2 to 16 characters in length.

      • The username must start with a lowercase letter and end with a lowercase letter or digit.

      • The value can contain lowercase letters, digits, and underscores (_).

      • The name is unique.

      Note

      If the username of the privileged account is the same as that of an existing standard account, the privileged account replaces the standard account.

      Account Type

      Select Privileged Account.

      New Password

      Enter the password of the account. The password must meet the following requirements:

      • It is 8 to 32 characters in length.

      • It must contain at least three types of the following characters: uppercase letters, lowercase letters, digits, and special characters.

      • It can contain the following special characters: ! @ # $ % ^ & * ( ) _ + - =

      Confirm Password

      Enter the password for the account again.

      Description

      Enter a description that helps identify the account. The description is up to 256 characters in length.

    7. Click OK.

    Note

    The privileged account is activated within seconds after it is created.

    Reset the permissions of a privileged account

    If the permissions of a privileged account are accidentally revoked or encounter other exceptions, perform the following steps to reset the permissions:

    1. Log on to the ApsaraDB RDS console.

    2. In the left-side navigation pane, click Instances. In the top navigation bar, select the region of your RDS instance.

    3. Find the RDS instance and click its ID.

    4. In the left-side navigation pane, click Accounts.

    5. Find the privileged account and click Reset Permissions in the Actions column.

    6. In the dialog box that appears, specify a new password and click OK.

    Create a standard account

    1. Log on to the ApsaraDB RDS console.

    2. In the left-side navigation pane, click Instances. In the top navigation bar, select the region of your RDS instance.

    3. Find the RDS instance and click its ID.

    4. In the left-side navigation pane, click Accounts.

    5. Click Create Account.

    6. Configure the following parameters.

      Parameter

      Description

      Database Account

      Enter a username for the account. The username must meet the following requirements:

      • The username must be 2 to 16 characters in length.

      • The username must start with a lowercase letter and end with a lowercase letter or digit.

      • The value can contain lowercase letters, digits, and underscores (_).

      Account Type

      Select Standard Account.

      Authorized Databases

      Specify the databases whose permissions you want to grant to the account. You can specify one or more databases.

      1. In the Unauthorized Databases section, select one or more databases. Then, click the > icon to move the selected databases to the Authorized Databases section.

      2. In the Authorized Databases section, select the Read/Write (DDL + DML), Read-only, DDL Only, or DML Only permissions for each database.

        If you want to grant the same permissions on more than one database at a time, select the databases and configure the Set All to parameter in the upper-right corner of the Authorized Database section to grant related permissions on the selected authorized databases. For example, you can set the parameter to Read/Write (DDL + DML).

        Note

        • The parameter settings in the upper-right corner change after you click them. For example, if you click the Read/Write (DDL + DML) value, the value changes to (Read-only).

        • You can leave this parameter unspecified. In this case, you can grant the permissions on specific databases to the account after the account is created.

      New Password

      Enter the password of the account. The password must meet the following requirements:

      • It is 8 to 32 characters in length.

      • It must contain at least three types of the following characters: uppercase letters, lowercase letters, digits, and special characters.

      • It can contain the following special characters: ! @ # $ % ^ & * ( ) _ + - =

      Confirm Password

      Enter the password for the account again.

      Description

      Optional. Enter a description that helps identify the account. The description is up to 256 characters in length.

    7. Click OK.

    Related operations

    Operation

    Description

    CreateAccount

    Creates an account on an instance.