Create a database account - AnalyticDB

AnalyticDB for MySQL supports two types of database accounts: privileged accounts and standard accounts. You can use a privileged account to manage all the standard accounts and databases. For standard accounts, you must manually create them and grant permissions to perform database operations.

Account types

AnalyticDB for MySQL supports two types of database accounts: privileged accounts and standard accounts. The following table describes the differences between privileged accounts and standard accounts.

Account type	Description
Privileged account	You can create and manage privileged accounts only in the console. You can create only a single privileged account for each cluster. The privileged account can be used to manage all standard accounts and databases of the cluster. You can use a privileged account to close all database connections that are established by a standard account. The privileged account allows you to implement fine-grained permission control to suit your business requirements. For example, you can grant each standard account the permissions to query specific tables. A privileged account in AnalyticDB for MySQL is equivalent to a root account in MySQL.
Standard account	For a Data Warehouse Edition (V3.0) cluster, you can create standard accounts only by using SQL statements. For more information, see CREATE USER. For a Data Lakehouse Edition (V3.0) cluster, you can create standard accounts by using both SQL statements and console operations. For more information, see CREATE USER and Create and grant permissions to a standard account. You can create up to 256 standard accounts for a cluster. You must manually grant a standard account the permissions to access specific databases. For more information, see GRANT and Database permission model. You cannot use a standard account to close the database connections that are established by other standard accounts.

Create a privileged account

Log on to the AnalyticDB for MySQL console.
In the upper-left corner of the page, select a region.
In the left-side navigation pane, click Clusters.
Click the Data Lakehouse Edition (V3.0) or Data Warehouse Edition (V3.0) tab based on your cluster type.
Find the cluster that you want to manage and click its ID.
In the left-side navigation pane, click Accounts.
For a Data Warehouse Edition (V3.0) cluster, click Create Privileged Account. For a Data Lakehouse Edition (V3.0) cluster, click Create Account.

In the Create Privileged Account or Create Account panel, configure the parameters described in the following table.

Parameter	Description
Account	The name of the privileged account. Enter a name that meets the on-screen requirements.
Account Type	For a Data Warehouse Edition (V3.0) cluster, this parameter is automatically set to Privileged Account. For a Data Lakehouse Edition (V3.0) cluster, select Privileged Account.
New Password	The password of the privileged account. Enter a password that meets the on-screen requirements.
Confirm Password	Enter the password of the privileged account again.
Description	Optional. The description that is used to identify the account for future management.

Click OK.

Reset the password of a privileged account

If you forget the password of a privileged account, you can reset the password in the console.

Important

For data security purposes, we recommend that you change the account password on a regular basis.

On the Accounts page, find the privileged account and click Change Password in the Actions column. In the dialog box that appears, enter and confirm a new password as prompted, and then click OK.

Create and grant permissions to a standard account

Console operations

You can create and grant permissions to a standard account in the console only for Data Lakehouse Edition (V3.0) clusters.

Log on to the AnalyticDB for MySQL console.
In the upper-left corner of the page, select a region.
In the left-side navigation pane, click Clusters.
On the Data Lakehouse Edition (V3.0) tab, find the cluster that you want to manage and click its ID.
In the left-side navigation pane, click Accounts.
Click Create Account.

In the Create Account panel, configure the parameters described in the following table.

Parameter	Description
Account	The name of the standard account. Enter a name that meets the on-screen requirements.
Account Type	Select Standard Account.
New Password	The password of the standard account. Enter a password that meets the on-screen requirements.
Confirm Password	Enter the password of the standard account again.
Description	Optional. The description that is used to identify the account for future management.

Click OK.
Find the created account and click Permissions in the Actions column to grant permissions to the account.

SQL statements

You can create and grant permissions to a standard account by executing SQL statements for both Data Warehouse Edition (V3.0) and Data Lakehouse Edition (V3.0) clusters. The standard accounts created by using SQL statements for Data Warehouse Edition (V3.0) clusters are not displayed in the console.

For more information about how to create a database account, see CREATE USER.
For more information about how to grant permissions to a database account, see GRANT.
For more information about how to revoke permissions from a database account, see REVOKE.
For more information about how to change the name of a database account, see RENAME USER.
For more information about how to delete a database account, see DROP USER.