This topic describes how to create a database account for an AnalyticDB for MySQL Edition cluster and explains the differences between privileged accounts and standard accounts.

Account types

AnalyticDB for MySQL Edition supports two types of database accounts: privileged and standard. The following table describes the differences between privileged accounts and standard accounts.

Account type Description
Privileged account
  • You can create and manage privileged accounts only in the console.
  • You can create only one privileged account for each cluster. The privileged account is used to manage all standard accounts and databases of the cluster.
  • You can use a privileged account to close all database connections that are established under a standard account.
  • The privileged account allows you to implement fine-grained permission control to suit your business needs. For example, you can grant each standard account the permissions to query specific tables.
  • A privilege account in AnalyticDB for MySQL Edition is equivalent to a root account in MySQL.
Standard account
  • You can create or manage privileged accounts only by using SQL statements. For more information, see CREATE USER.
  • You can create up to 256 standard accounts for a cluster.
  • You must manually grant a standard account the permissions to access specific databases. For more information, see GRANT and Permission model.
  • You cannot use a standard account to close the database connections that are established under other standard accounts.

Create a privileged account

  1. Log on to the AnalyticDB for MySQL console by your Alibaba Cloud account.
  2. In the upper-left corner of the page, select the region where clusters reside.
  3. In the left-side navigation pane, click Clusters.
  4. On the V3.0 Clusters tab, click the target Cluster ID.
  5. In the left-side navigation pane, click Accounts.
  6. In the upper-right corner of the Accounts page, click Create Privileged Account.
  7. In the Create Account panel, configure the following parameters.
    Parameter Description
    Account The name of the privileged account. The name must meet the following requirements:
    • It must be 2 to 16 characters in length.
    • The name must start with a lowercase letter and end with a lowercase letter or a digit.
    • It can contain lowercase letters, digits, and underscores (_).
    Account Type Set the account type to Privileged Account.
    Password The password of the privileged account. The password must meet the following requirements:
    • The password must be 8 to 32 characters in length
    • It must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
    • Special characters include ! @ # $ % ^ & * ( ) _ + - =.
    Confirm Password Enter the password of the privileged account again.
    Description Optional. The description that is used to identify the account for future management.
  8. Click OK.

Create a standard account

For information about how to create a standard account and grant permissions to the standard account, see CREATE USER and GRANT.