Before using the database, you need to create an account in the RDS instance. This section describes how to create an account in RDS.
Databases under a single instance share all the resources of this instance.
MySQL and SQL Server instances support the creation of up to 500 accounts.
PostgreSQL and PPAS instances have no limit on the number of accounts.
You can create only an initial account on MySQL 5.7 and SQL Server 2012.
The account on MySQL 5.5/5.6 supports both of the traditional mode and the autonomous mode to manage the instance. You can upgrade from the traditional mode to the autonomous mode, but the rollback is not supported. The mode will be changed to the autonomous mode automatically when the high-privilege account is created.
|Traditional mode||Autonomous mode (After creating the high-privilege account)|
|Supported engine and version||MySQL 5.5/5.6
SQL Server 2008R2
SQL Server 2012
|Features||It is the first mode supported by RDS. All the accounts (User)/databases (DB) are created and managed through the Open API or RDS console.||It is a new mode. It is a totally autonomous management mode and provides higher privilege, making the account and privilege management more free and flexible. There are two types of accounts: the initial account (the high-privilege account) and the ordinary account.|
|Account number||Up to 500.||No limit.|
|Database number||MySQL: Up to 500.
SQL Server: Up to 50.
|Methods to create accounts||OpenAPI/RDS console||Initial account: OpenAPI/RDS console
Ordinary account: Execute SQL
|Methods to create databases||OpenAPI/RDS console||Execute SQL|
|OpenAPI: account management||CreateAccount
|OpenAPI: database management||CreateDatabase
|Privilege management||Only including two kinds of the privileges: read/write and read only.||You can take full use of the privilege management advantages of the database engine, such as assigning the query permissions of different tables to different users.|
When assigning database account permissions, follow the minimum permission principle and service roles to create accounts and rationally assign Read-Only and Read/Write permissions. When necessary, you may split database accounts and databases into smaller units so that each database account can only access data for its own services. If you do not need to write data to a database, assign Read-Only permission.
Use strong passwords for database accounts and change the passwords on a regular basis.
Log on to the
RDS Consoleand select the target instance.
Select Account management in the menu, and click Create Account, as shown in the figure below.
Enter the information of the account to create, and click OK, as shown in the figure below.
Database account: Consists of 2 to 16 characters (which can be lowercase letters, digits or underscores). It must begin with a letter and end with a letter or digit, for example, user4example*.
Authorized database: Refers to the authorized database of this account. Select Unauthorized Database on the left, and click Authorize to add the database to Authorized Database. This field can be blank if no database has been created.
You can click the permission setting button on the upper-right corner of Authorized Database to batch set the permissions of the databases under this account to All Read/Write or All Read Only.
Password: Refers to the password corresponding to this account. The password consists of 6 to 32 characters which may be letters, digits, hyphens or underscores, for example, password4example.
Confirm password: Enters the password again, for example, password4example to ensure that a correct password is entered.
Remarks: This field can be used to store additional information relevant to the database to facilitate management. A maximum of 256 characters can be entered (1 Chinese character is considered 3).