This topic introduces the basic concepts of PolarDB console accounts and PolarDB cluster accounts.

Console accounts

You can use the following accounts to log on to the console:

  • Alibaba Cloud account: This account allows flexible control of all your Alibaba Cloud resources and is used for billing purposes. You must create an Alibaba Cloud account before you purchase Alibaba Cloud services.

  • RAM user: Optional. You can create and manage RAM users in the Resource Access Management (RAM) console to share resources among multiple users. A RAM user does not have ownership over resources. Charges incurred are billed to the Alibaba Cloud account.

Database cluster accounts

You can use the following accounts to log on to your database cluster. For more information, see Create database accounts.
Account type Description
Privileged account
  • You can use the ApsaraDB for PolarDB console or API operations to create and manage privileged accounts.
  • You can create multiple privileged accounts for each cluster. You can use the privileged accounts to manage all the standard accounts and databases of the corresponding cluster.
  • A privileged account has more permissions than before. This allows you to implement fine-grained control over user permissions based on your business requirements. For example, you can grant different users the permissions to query different tables.
  • A privileged account has all the permissions on the databases in the corresponding cluster.
  • You can use a privileged account to disconnect accounts from the corresponding databases.
Standard account
  • You can use the ApsaraDB for PolarDB console, API operations, or SQL statements to create and manage standard accounts.
  • You can create multiple standard accounts for each cluster. The maximum number of standard accounts that you can create depends on the database engine.
  • You must manually grant standard accounts the specific database permissions.
  • You cannot use a standard account to create, manage, or disconnect other accounts from databases.

Related API operations

API Description
CreateAccount Creates a database account for a specified PolarDB cluster.
DescribeAccounts Queries the database accounts of a specified PolarDB cluster.
ModifyAccountDescription Changes the description of a database account for a specified PolarDB cluster.
ModifyAccountPassword Changes the password of a database account for a specified PolarDB cluster.
GrantAccountPrivilege Grants access permissions on one or more databases in a specified PolarDB cluster to a standard database account.
RevokeAccountPrivilege Revokes access permissions on one or more databases for a standard database account of a specified PolarDB cluster.
ResetAccount Resets the privileges of a privileged account for a specified PolarDB cluster.
DeleteAccount Deletes a database account for a specified PolarDB cluster.