RDS supports the classic mode and the master mode. For instances of MySQL 5.7 High-availability Edition, MySQL 5.6, and MySQL 5.5, you can create a master account to upgrade the account management mode from classic to master. Compared with the classic mode, the master mode enables more permissions to meet the personalized and sophisticated permission management needs. You can also use SQL to directly manage databases and accounts. Therefore, we recommend that you use the master mode.
This document describes how to upgrade the account management mode, namely to create a master account, of MySQL 5.7 High-availability Edition, MySQL 5.6, and MySQL 5.5. For details about the usage, supported engines, functions, and permissions of accounts in the classic mode and master mode, see Create an account.
After a master account is created for a master instance, it is synchronized to the read-only instances and disaster tolerance instances. In the master mode, you are not allowed to manage databases and common accounts on the RDS console or through APIs. You must use SQL commands or Alibaba Cloud DMS to perform relative operations. However, you can reset the permissions and password of the master account on the RDS console or through API, without affecting other accounts in the instance.
The following figure shows how to upgrade the account management mode from the classic mode to the master mode, and the difference of creating and managing databases/accounts between the two modes.
The following changes occur after an instance switches to the master account mode:
- After the master account is created, the Databases page and Create Account on the Accounts page disappear. However, this change only affects the single instance and has nothing to do with other instances.
For MySQL 5.5/5.6 instances:
You can only upgrade from the classic mode to the master mode and does not support rollback.
You cannot directly access the mysql.user and mysql.db tables, but you can view the existing account and permissions through mysql.user_view and mysql.db_view.
You cannot use the master account to modify passwords of other common accounts. To modify passwords of other common accounts, you must delete the master account and create a new account.
MySQL 5.7 instances support only the master mode.
When the master account is created, the instance restarts once, causing a transient network disconnection in 30s. Make sure that you create an account at proper time, and the application supports auto-reconnection, to prevent disconnections, if any.
Log on to the RDS console.
Select the region in which the target instance is located.
Click the ID of the target instance to go to the Basic Information page of the instance.
Select Accounts in the left-side navigation pane to go to the Accounts page.
Click Create Master Account.
Read the displayed text, click the checkbox, and click Next.
Enter the relevant details in the required fields.
Database Account: The account is a string of 2 to 16 characters. It must contain lowercase letters, numbers, and underscores (_). The account must start with a letter and end with a letter or a number.
Password: Password of the account. The password is a string of 8 to 32 characters. It must contain any three of letters, numbers, hyphens (-), and underscores (_).
Re-enter Password: Re-enter the password to verify that the password is entered correctly.
Note: After a master account is created, the account name cannot be modified, but the password can be modified later on the console.