You can enable and disable the three-role mode in the PolarDB-X console. After you enable the three-role mode for your PolarDB-X instance, the privileged account is selected as the database administrator (DBA) account, and you must create a security administrator (DSA) account and a data audit administrator (DAA) account. This topic describes how to enable and disable the three-role mode.

Enable the three-role mode

  1. Log on to the PolarDB-X console.
  2. In the top navigation bar, select the region where the target instance is located.
  3. On the Instances page, click the PolarDB-X 2.0 tab.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane, choose ConfigurationManagement > Safety management.
  6. Click the Account powers tab. On the page that appears, turn on the Current account security mode switch.
    Note Create the privileged account before you enable the three-role mode. For more information, see Create an account.
  7. In the Create account panel, configure the following parameters.
    Parameter Description
    Account name The name of the account.
    Note The account name must meet the following requirements:
    • The name must be a maximum of 16 characters in length and can contain lowercase letters, digits, and underscores (_).
    • The name must start with a lowercase letter and end with a lowercase letter or a digit.
    • The name must be unique.
    Account type The value is always Security administrator account.
    Password Enter the password for the account.
    Note The password must meet the following requirements:
    • The password must be 8 to 20 characters in length.
    • The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
    • Supported special characters:

      @#$%^&+=
    Confirm password Enter the password for the account again.
    Description Optional. The information about the account. The description helps you better manage the account later. The description must be a maximum of 256 characters in length.
  8. Click Next Step and configure the following parameters.
    Parameter Description
    Account name The name of the account.
    Note The account name must meet the following requirements:
    • The name must be a maximum of 16 characters in length and can contain lowercase letters, digits, and underscores (_).
    • The name must start with a lowercase letter and end with a lowercase letter or a digit.
    • The name must be unique.
    Account type The value is always Audit administrator account.
    Password Enter the password for the account.
    Note The password must meet the following requirements:
    • The password must be 8 to 20 characters in length.
    • The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
    • Supported special characters:

      @#$%^&+=
    Confirm password Enter the password for the account again.
    Description Optional. The information about the account. The description helps you better manage the account later. The description must be a maximum of 256 characters in length.
  9. Click OK.
    Note About 3 to 5 seconds are required for the new configuration to take effect.

Disable the three-role mode

  1. Log on to the PolarDB-X console.
  2. In the top navigation bar, select the region where the target instance is located.
  3. On the Instances page, click the PolarDB-X 2.0 tab.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane, choose ConfigurationManagement > Safety management.
  6. Click the Account powers tab. On the page that appears, turn off the Current account security mode switch.
  7. In the dialog box that appears, click OK.
  8. In the Password verification of privileged account dialog box that appears, enter the password of the privileged account and click OK.
    Note About 3 to 5 seconds are required for the new configuration to take effect.