You can enable and disable the three-role mode in the PolarDB-X console. After you enable the three-role mode for your PolarDB-X instance, the privileged account is selected as the database administrator (DBA) account, and you must create a security administrator (DSA) account and a data audit administrator (DAA) account. This topic describes how to enable and disable the three-role mode.
Enable the three-role mode
- Log on to the PolarDB-X console.
- In the top navigation bar, select the region where the target instance is located.
- On the Instances page, click the PolarDB-X 2.0 tab.
- Find the target instance and click its ID.
- In the left-side navigation pane, choose ConfigurationManagement > Safety management.
- Click the Account powers tab. On the page that appears, turn on the Current account security mode switch. Note Create the privileged account before you enable the three-role mode. For more information, see Create an account.
- In the Create account panel, configure the following parameters.
Parameter Description Account name The name of the account. Note The account name must meet the following requirements:- The name must be a maximum of 16 characters in length and can contain lowercase letters, digits, and underscores (_).
- The name must start with a lowercase letter and end with a lowercase letter or a digit.
- The name must be unique.
Account type The value is always Security administrator account. Password Enter the password for the account. Note The password must meet the following requirements:- The password must be 8 to 20 characters in length.
- The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
- Supported special characters:
@#$%^&+=
Confirm password Enter the password for the account again. Description Optional. The information about the account. The description helps you better manage the account later. The description must be a maximum of 256 characters in length. - Click Next Step and configure the following parameters.
Parameter Description Account name The name of the account. Note The account name must meet the following requirements:- The name must be a maximum of 16 characters in length and can contain lowercase letters, digits, and underscores (_).
- The name must start with a lowercase letter and end with a lowercase letter or a digit.
- The name must be unique.
Account type The value is always Audit administrator account. Password Enter the password for the account. Note The password must meet the following requirements:- The password must be 8 to 20 characters in length.
- The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
- Supported special characters:
@#$%^&+=
Confirm password Enter the password for the account again. Description Optional. The information about the account. The description helps you better manage the account later. The description must be a maximum of 256 characters in length. - Click OK. Note About 3 to 5 seconds are required for the new configuration to take effect.
Disable the three-role mode
- Log on to the PolarDB-X console.
- In the top navigation bar, select the region where the target instance is located.
- On the Instances page, click the PolarDB-X 2.0 tab.
- Find the target instance and click its ID.
- In the left-side navigation pane, choose ConfigurationManagement > Safety management.
- Click the Account powers tab. On the page that appears, turn off the Current account security mode switch.
- In the dialog box that appears, click OK.
- In the Password verification of privileged account dialog box that appears, enter the password of the privileged account and click OK. Note About 3 to 5 seconds are required for the new configuration to take effect.