Before you can use an ApsaraDB RDS instance, you must create a database and an account on the RDS instance. This topic describes how to create a database and an account on an RDS instance.
Account types
ApsaraDB RDS for PostgreSQL instances support two types of accounts: privileged accounts and standard accounts. The following table describes these types of accounts.
Account type | Description |
---|---|
Privileged account |
Note
|
Standard account |
|
Usage notes
- You can create multiple privileged accounts and standard accounts in the ApsaraDB RDS console. You can also create and manage standard accounts by using SQL statements.
- Before you can migrate data from an on-premises database to an RDS instance, you must create a database and an account on the RDS instance. Make sure that the created database has the same properties as the on-premises database. In addition, make sure that the created account has the same permissions on the created database as the account that is authorized to manage the on-premises database.
- We recommend that you follow the principle of least privilege (PoLP) and grant the read and write permissions to accounts based on your business requirements. You can create multiple accounts and grant each account only the permissions to access the data of specified databases. If an account does not need to write data to a database, we recommend that you grant only the read permissions on the database to the account.
- For security purposes, we recommend that you specify strong passwords for accounts and change the passwords on a regular basis.
Create an account
- Access RDS Instances, select a region at the top, and then click the ID of the target RDS instance.
- In the left-side navigation pane, click Accounts.
- Click Create Account.
- Configure the following parameters.
Parameter Description Database Account: - The username of the account must be 2 to 63 characters in length.
- The username of the account can contain lowercase letters, digits, and underscores (_).
- The username of the account must start with a lowercase letter and end with a lowercase letter or a digit.
- The username of the account cannot be the same as the username of an existing account.
- The username of the account cannot start with pg.
- The username of the account cannot contain SQL keywords. For more information, see SQL Keywords.
Account Type: Specify the type of the account. Two types of accounts are supported: privileged accounts and standard accounts. - A privileged account has all operation permissions on all databases.
- Standard accounts have all operation permissions only on their authorized databases.
Note The operation permissions include SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, and TRIGGER.Password: - The password of the account must be 8 to 32 characters in length.
- The password of the account must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
- The password of the account can contain any of the following special characters: ! @ # $ % ^ & * ( ) _ + - =
Confirm Password: Enter the password of the account again. Description Enter the description of the account. - Click OK.
Create a database
- Access RDS Instances, select a region at the top, and then click the ID of the target RDS instance.
- In the left-side navigation pane, click Databases.
- Click Create Database.
- Configure the following parameters. The following table describes the parameters.
Parameter Description Database Name - The name of the database can contain up to 63 characters in length.
- The name of the database can contain lowercase letters, digits, hyphens (-), and underscores (_).
- The name of the database must start with a lowercase letter and end with a lowercase letter or a digit.
Supported Character Set The character set that is supported by the database. Collate The rule based on which strings are sorted. Ctype The type of character supported by the database. Authorized Account: The owner of the database. The owner has all permissions on the database. Description The description of the database. - Click Create. You can view information about the database that you create on the Databases page.
Parameter Description ConnLimit The maximum number of concurrent requests that is allowed by the database. By default, the number of concurrent requests is unlimited. If you want to change the value of this parameter, you can use a privileged account to log on to the database and execute the ALTER DATABASE <Database name> CONNECTION LIMIT <Number of concurrent requests>;
statement.Tablespace The tablespace to which the database belongs. Default value: pg_default
. The paths of tablespaces cannot be viewed and modified.If you use methods such as the cloud migration feature to migrate data from a self-managed database to the database on your RDS instance, the tablespace name of the self-managed database may be different from that of the database on your RDS instance. In this case, you can change the tablespace name of the self-managed database to
pg_default
. For more information about the cloud migration feature, see Use the cloud migration feature for an ApsaraDB RDS for PostgreSQL instance.
FAQ
After I create accounts on my primary RDS instance, can I manage the accounts on the read-only RDS instances that are attached to my primary RDS instance?
No, although the accounts that are created on your primary RDS instance are synchronized to the read-only RDS instances, you cannot manage the accounts on the read-only RDS instances. The accounts have only the read permissions and do not have the write permissions on the read-only RDS instances.
Related operations
Operation | Description |
---|---|
Create a database account | Creates an account. |