All Products
Search
Document Center

Manage accounts

Last Updated: Jul 08, 2021

Before you manage accounts, visit the Alibaba Cloud official website and log on to the ApsaraDB for Lindorm (Lindorm) console. In the Lindorm console, select an instance. In the left-side navigation pane of the instance details page, click Time Series Engine. On the page that appears, you can use Lindorm TSDB. Lindorm TSDB allows you to manage administrator accounts and standard accounts. You can manage all accounts in the console. Account permissions are divided into the following types: read-only, write-only, read and write, and super. For information about the permissions that are required for Lindorm TSDB to call read and write operations, see the "Permissions that are required to call common API operations" section of this topic.

Manage accounts

Enable the account management feature
On the Account Management page, click Activate User Management.
2021-07-08_17-51-39
Create an account
  1. On the Account Management page, click Create.2021-07-08_17-52-37

  2. In the Create User dialog box, configure an account name and a password.

    • Create an administrator account

      2021-07-08_17-53-57
    • Create a standard account2021-07-08_17-54-49

    • Note:

      • The account name must be 1 to 10 characters in length and can contain lowercase letters, digits, and underscores (_). The account name must start with a letter and end with a letter or digit.

      • The password must be 6 to 20 characters in length and contain only letters, digits, underscores (_), at signs (@), number signs (#), and periods (.).

  3. The account is created. The following figure provides an example. In this example, the account name is tester.

creat

Delete an account

On the Account Management page, find the account that you want to delete and click Delete.2021-07-08_17-55-29

Notice

The permissions and passwords of accounts cannot be modified.

Disable the account management feature

On the Account Management, click Deactivate User Management.

Authenticate accounts that are used to perform read or write operations

After you create an account, the system authenticates the account when you use Lindorm TSDB to call read or write operations. If you enable the account management feature, the account is authenticated when you use Lindorm TSDB to send requests to most HTTP APIs. For more information about the permissions that are required for Lindorm TSDB to call HTTP APIs, see the "Permissions that are required to call common API operations" section of this topic.

Check whether an account is available

To check whether an account is available, you can run the curl command to access the api/put or api/query request path based on the permissions of the account. In this example, a query request that contains the api/put path is sent.

curl -X POST -u ${Account name}:${Plaintext password} http://ld-xxxxxxxxxxxxx-proxy-tsdb-pub.lindorm.rds.aliyuncs.com:8242/api?summary -d '[{"metric":"sys.cpu.nice","timestamp":1346846400,"value":18,"tags":{"host":"web01","dc":"lga"}}]'

Specify the account information in the Lindorm TSDB SDK

If you use the Lindorm TSDB Use the SDK to connect to and use a Lindorm time series database, you must specify the account information for authentication.

If you create the TSDBConfig object, call the basicAuth() method to input your account name and plaintext password. All connections that are established by using the TSDBConfig object carry the input account information to access Lindorm TSDB.

Note: To access a Lindorm TSDB instance that has the authentication capability, use Lindorm TSDB SDK V0.2.7 or later.
Specify the account information in non-Java applications

For applications that do not support the Lindorm TSDB SDK, such as the Python and Go applications, you must add the Authorization field to the header when you send an HTTP request. The Authorization field contains the basic authentication credential that is organized in a piece of text in the format defined in the RFC 2617 standard.

Only the HTTP requests with the Authorization field can be processed by Lindorm TSDB.

Format of the basic authentication credential:
Basic {Base64-encoded authentication information}

Format of Base64-encoded authentication information: %Authorization:Basic ${Account name}:${Password}%. Separate the fields with colons (:).

Permissions that are required to call common API operations

The following table lists the permission control policies for calls to common API operations. These policies take effect after you enable the account management feature.

Operation

Non-authenticated account

WriteOnly

account

ReadOnly

account

ReadWrite

account

Super

account

/api/put

×

×

/api/query

×

×

/api/query/last

×

×

/api/mput

×

×

/api/mquery

×

×

/api/query/mlast

×

×

/api/suggest

×

×

/api/dump_meta

×

×

/api/search/lookup

×

×

/api/ttl

×

×

×

×

/api/delete_data

×

×

/api/truncate

×

×

×

×