All Products
Search
Document Center

user management

Last Updated: Sep 07, 2020

This topic describes how to manage user accounts in the Time Series Database (TSDB) console. Before you manage user accounts, you must log on to the Alibaba Cloud console, go to the TSDB console, and find the target instance that you have purchased.

User account types

In TSDB version 1.0, you can manage super user accounts and general user accounts for TSDB instances. TSDB version 1.0 uses engines whose versions are 2.5.13 or later. You can use the TSDB console to manage each type of TSDB user account. TSDB user accounts can be divided into four types based on the following four types of user permissions: read-only, write-only, read/write, super. For more information about the API endpoints that each type of user account can use to read or write data, see Common API endpoints used to read or write data.

Manage user accounts

Enable the feature of user account management

Log on to the TSDB console. In the left-side navigation pane, click Accounts. On the page that appears, click Enable Account Management.

Create a user account

  1. In the left-side navigation pane of the TSDB console, click Accounts. On the page that appears, click Create.

  2. On the Create Account page, specify an account name and a password.

  • The specified account name is a maximum of 10 characters in length and can contain lowercase letters, digits, and underscores (_). It must start with a letter and end with a letter or a digit.
  • The specified password can contain only letters, digits, and the following four special characters: underscores (_), at signs (@), number signs (#), and periods (.). The specified password must be 6 to 20 characters in length.

Identity authentication based on the specified user account information for TSDB data reads and writes

In the preceding section, a user account is created. The user account information may be used to authenticate the user identity when the user uses API endpoints to query data from TSDB or write data to TSDB. If the feature of user account management is enabled, most of the HTTP API requests require identity authentication based on the specified user account information. For more information about the API endpoints that each type of user account can use, see the “Common API endpoints used to read or write data” section in this topic.

Check the availability of a user account

To check the availability of a TSDB user account, use the curl command in the command-line interface (CLI) to create and send the following request based on the permissions of the user account. You can use the api/put or the api/query API endpoint of a specified TSDB instance to create the request. The api/put API endpoint is used as an example:

  1. curl -X POST -u ${User account name}:${Plaintext password} http://ts-xxxxxxx.hitsdb.tsdb.aliyuncs.com:8242/api?summary -d '[{"metric":"sys.cpu.nice","timestamp":1346846400,"value":18,"tags":{"host":"web01","dc":"lga"}}]'

Specify the user account information in TSDB SDKs

You can specify the user account information in TSDB SDKs for identity authentication.

To do this, you must call the basicAuth method to specify the user account name and the plaintext password when you create the TSDBConfig object. Then, the specified user account information is used by the connections that are created based on the TSDBConfig object to access TSDB services.

Note that you must use SDK V0.2.7 or later to access TSDB instances that require user identity authentication.

Specify the user account information in the applications that are not developed by using Java

If the applications cannot use TSDB SDKs, such as Python applications or Go applications, you must create valid HTTP requests to access TSDB services based on your HTTP client libraries. When you create an HTTP request, you must add the Authorization field to the request header and specify a valid value for the field. The specified value of the Authorization field must meet the format requirements for the basic credentials, which are specified in RFC 2617.

Only the HTTP requests that are created in this method can be accepted by TSDB for identity authentication. Otherwise, the HTTP requests are rejected.

The valid format of the basic credentials is described as follows:

  1. Basic {Base64-encoded authentication data}

The plaintext format for the Base64-encoded authentication data is ${User account name}:${Password}. Note that colons (:) must be used to separate the user account name and the password.

Common API endpoints used to read or write data

API endpoint No credential WriteOnly ReadOnly ReadWrite Super
/api/put × Supported × Supported Supported
/api/query × × Supported Supported Supported
/api/query/last × × Supported Supported Supported
/api/mput × Supported × Supported Supported
/api/mquery × × Supported Supported Supported
/api/query/mlast × × Supported Supported Supported
/api/prom_write × Supported × Supported Supported
/api/prom_read × × Supported Supported Supported
/api/suggest × × Supported Supported Supported
/api/dump_meta × × Supported Supported Supported
/api/search/lookup × × Supported Supported Supported
/api/ttl × × × × Supported
/api/delete_meta × Supported × Supported Supported
/api/delete_data × Supported × Supported Supported
/api/truncate × × × × Supported