This topic describes how to create an account for a MyBase for SQL Server instance.


A MyBase for SQL Server instance is created. For more information, see Create a MyBase for SQL Server instance.


  • You must create an account based on the requirements of your business role. When you grant permissions on databases to the account, follow the principle of least privilege and grant the account the read-only permissions or the read and write permissions as needed. You can create more than one account for the instance and grant each account the permissions on specific databases. If you do not need to use the account to write data to a database, grant the account only the read-only permissions on the database.
  • To ensure database security, configure a strong password for the account and change the password on a regular basis.


  1. Log on to the ApsaraDB for MyBase console.
  2. In the top navigation bar, select the region where you want to create a dedicated cluster.
    Select a region
  3. In the left-side navigation pane, choose Instances > SQL Server.
  4. Find the instance that you want to release, and click Details in the Actions column to go to the details page of the instance in the ApsaraDB RDS console.
  5. In the left-side navigation pane, click Accounts.
  6. Click Create Account.
  7. In the panel that appears, configure the following parameters.
    Parameter Description
    Database Account The name of the account must be 2 to 64 characters in length and can contain lowercase letters, digits, and underscores (_). The name must start with a lowercase letter and end with a lowercase letter or a digit.
    Account Type
    • Privileged Account: A MyBase for SQL Server instance can have only one privileged account.
      • By default, the privileged account has the Owner permissions on all the databases that are created on the instance. You can modify the permissions of the privileged account. For more information, see Modify the permissions of an account.
      • The privileged account cannot be deleted.
    • Standard Account: You can select Standard Account only if you have created a privileged account for your MyBase for SQL Server instance. A MyBase for SQL Server instance can have multiple standard accounts.
      • You must manually grant standard accounts the permissions on databases.
      • Standard accounts can be deleted.
    • System Admin Account: A MyBase for SQL Server instance can have only one system admin account.
      • The following names cannot be used as the name of the system admin account:
      • By default, the system admin account has all permissions on all the databases that are created on the instance. You cannot modify the permissions of the system admin account.
      • After the system admin account is created, the service-level agreement (SLA) is not guaranteed. Exercise caution when you create this type of account.
      • The system admin account can be deleted.
    Authorized Databases If you set Account Type to Standard Account, you must grant permissions on databases to the standard account.

    You can perform the following steps to grant permissions on more than one database to the standard account:

    1. In the Unauthorized Databases section, select the databases on which you want to grant the permissions to the standard account.
      Note If no databases are created on the instance, create databases before you grant permissions on databases.
    2. Click the > icon to add the selected databases to the Authorized Databases: section.
    3. Grant the permissions on each selected database to the standard account. The following permission types are supported: Read/Write (DML), Read-only, and Owner.
      Note You can use a standard account to create tables, delete tables, and modify table schemas in a database only if the standard account has the Owner permissions on the database.
      Grant permissions on databases to a standard account

    Enter a password for the account. The password must meet the following requirements:

    • The password must be 8 to 32 characters in length.
    • The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
    • The password can contain the following special characters: !@#$%^&*()_+-=
    Confirm Password Enter the password of the account again. Make sure that you enter the correct password.
    Description Enter a description that helps identify the account. The description can be up to 256 characters in length.
  8. Click Create.