Hologres is deeply integrated with the Alibaba Cloud account system. Hologres users are authenticated by using Alibaba Cloud accounts. This topic describes the Alibaba Cloud account system that is used in Hologres.
Account management
Account type | Description |
---|---|
Alibaba Cloud account | An Alibaba Cloud account is used to create and manage Hologres instances. For example, you can use your Alibaba Cloud account to log on to the Hologres console, create a database, change the billing method of an instance from pay-as-you-go to subscription, and grant permissions on objects to other users. |
RAM user | After you use your Alibaba Cloud account to create a RAM user and grant the permissions
to the RAM user, the RAM user can also create and manage Hologres instances. For example,
the RAM user can log on to the Hologres console, create a database, change the billing method of an instance from pay-as-you-go to
subscription, and grant permissions on objects to other users.
RAM users are subordinate to Alibaba Cloud accounts and do not possess actual resources. All resources belong only to Alibaba Cloud accounts. |
Logon account

- When you grant permissions to an Alibaba Cloud account, the full expression of the
Alibaba Cloud account must contain the logon account, as described in the following
table.
Account format Description Example ALIYUN$<Login Account>@aliyun.com <Login Account>: the logon account of the Alibaba Cloud account. ALIYUN$company@aliyun.com <Login Account>@aliyun.com company@aliyun.com - When you grant permissions to a RAM user, the full expression of the RAM user must
contain the logon account of the Alibaba Cloud account to which the RAM user belongs,
as described in the following table.
Account format Description Description <subUserName>@<Login Account>.onaliyun.com The account formats contain the following parameters: - <subUserName>: the name of the RAM user.
- <Login Account>: the logon account of the Alibaba Cloud account.
- <AccountID>: the account ID of the Alibaba Cloud account.
holouser@company.onaliyun.com <subUserName>@<Login Account> holouser@company <subUserName>@<Account ID>.onaliyun.com holouser@123456789xxxx RAM$<subUserName> RAM$holo_test RAM$<Login Account>:<subUserName> RAM$company:holouser RAM$<Account ID>:<subUserName> RAM$123456789xxxx:holouser <subUserName>@<Account ID> holouser@123456789xxxx
Account ID
189813715xxxx
. The account ID can be obtained from the user information page.
p4_UID
format, such as p4_12333388xxx
.
create USER "189813715xxxx"; // Authorize the user whose Alibaba Cloud account ID is 189813715xxxx to connect to Hologres.
create USER "p4_12333388xxx" superuser;// Assign the superuser role to the RAM user whose UID is 12333388xxx.
SELECT current_user;
AccessKey ID and AccessKey secret
The AccessKey ID and AccessKey secret are issued by Alibaba Cloud for you to connect to a Hologres instance. The AccessKey ID is similar to a logon account, and the AccessKey secret is similar to a logon password. You can view the AccessKey ID and AccessKey secret on the Security Management page of the Alibaba Cloud official website.
The AccessKey ID and AccessKey secret are access credentials that are issued by Alibaba Cloud. They have a validity period. If the AccessKey ID and AccessKey secret expire, you can create another AccessKey pair. For more information, see Create an Alibaba Cloud account.
When you use tools such as the PostgreSQL client or a JDBC client to connect to a Hologres instance, you must enter your AccessKey ID and AccessKey secret as the username and password.
Role
Role | Description |
---|---|
Superuser | By default, the system sets the Alibaba Cloud account used to purchase a Hologres instance as a superuser that has full permissions on the instance. The superuser can create and delete databases, create roles, and grant permissions to roles. |
Normal user | Users except superusers are all normal user. A normal user can access a Hologres instance and analyze data only after a superuser grants the permissions to the normal user. A normal user can also be assigned the superuser role to obtain full permissions on a Hologres instance. |
User group | You can add zero or multiple users to a user group to facilitate user management. A user group represent a role, for example, the administrator role and developer role. Users in a user group have the same permissions. For more information about how to set a user group and grant permissions to the user group, see PostgreSQL database roles. |