Create an account

Last Updated: Dec 22, 2017

You must create an account in the RDS instance before you can use the database. RDS supports two account modes: the classic mode and the master mode. The classic mode is an earlier management mode in which you cannot use SQL to manage databases and accounts. Master mode is a later management mode in which you can use SQL to manage databases and accounts. In addition, you have more permissions available in this mode. In the long run, master mode is recommended if you need personalized and fine-grained control over database permissions.

This document describes the features available for accounts in classic and master modes, and how to create accounts in different modes.

Account modes

In the classic mode, all accounts are created through the RDS console or API, instead of SQL. All accounts are created equal. The RDS console is used to create and manage all accounts and databases.

In the master mode, you must create and manage your first or initial account by using the RDS console or API. Then you can log on to a database using your initial account. When you are logged on, you can create and manage additional accounts using SQL commands or Alibaba Cloud’s Data Management System (DMS). However, you cannot use your initial account to change the password for the additional accounts you have created. Instead, you have to delete those accounts and create new accounts. In the following example, the initial account is used as root to log on to the database. After that, an additional account “jeffrey” is created:

    mysql -hxxxxxxxxx.mysql.rds.aliyuncs.com -uroot -pxxxxxx -e "
    CREATE USER 'jeffrey'@'%' IDENTIFIED BY 'password';
    CREATE DATABASE DB001;
    "

In master mode, the database management page is unavailable on the RDS console for now. APIs such as CreateDatabase cannot be used to manage databases. Instead, you must use SQL commands or DMS to create and manage databases.

The following figure shows how to create and manage databases or accounts in classic and master modes:

Comparison between the classic and master modes

Account modes available for database engines

The account modes available for various database engines are shown as follows:

Database engine | Account mode
MySQL 5.5/5.6 | Classic mode/Master mode. Note: Only an upgrade from classic mode to master mode is supported. You cannot roll back after the upgrade.
MySQL 5.7 | Master mode
SQL Server 2008 R2 | Classic mode
SQL Server 2012/2016 | Master mode
PostgreSQL | Master mode
PPAS | Master mode

Differences between accounts and permissions

The following table lists the differences between classic and master modes in accounts and permissions:

Item | Classic mode | Master mode
Account limit | Up to 500. | No limit.
Database limit | MySQL: Up to 500. SQL Server: Up to 50. | No limit.
RDS console used to create and manage databases and accounts | Yes | The console can be used to manage the first account created on it, but not additional accounts, which must be created and managed using SQL commands or DMS. Instead of the console, SQL commands or DMS must be used to create and manage databases.
SQL used to manage databases and accounts | No | Yes
Permission management | Simple: Choose from Read/Write or Read-Only permissions for each account. | Fine-grained control. You can take full advantage of the database engine’s permission management capabilities. For example, you can assign the query permissions for different tables to different users.
Permissions for an account (applicable to MySQL only) | SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, PROCESS, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER | CREATE USER, RELOAD, and REFERENCES are supported in addition to the 20 permissions supported in classic mode.

Difference in features

There are no differences in product features between classic and master modes, including read-only instances, read/write splitting, configuration upgrade, network management, IP address whitelisting, and monitoring and alarms.

How to create an account

Attention

  • When assigning database account permissions, follow the principle of least privilege: create accounts according to service roles and assign appropriate Read-Only or Read/Write permissions. When necessary, you may split database accounts and databases into smaller units so that each database account only has access to its own service data. If an account does not need to write data to a database, assign it Read-Only permission.

  • Use strong passwords for database accounts and change the passwords on a regular basis.
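
The following is an added example, not part of the original RDS documentation. It shows how the guidance above can be applied with SQL on a master-mode MySQL instance. All database, table and account names and the password placeholders are hypothetical, and it assumes the initial account is allowed to grant the listed privileges.

```sql
-- Constructed example: every name and password below is a placeholder.
-- Run while logged on with the initial account of a master-mode instance.

-- One database per service, so each account can be scoped to its own data.
CREATE DATABASE orders_db;
CREATE DATABASE billing_db;

-- Read/write account for the orders service: data manipulation only,
-- no DDL, no CREATE USER, and no access to billing_db.
CREATE USER 'orders_rw'@'%' IDENTIFIED BY '<strong-password-1>';
GRANT SELECT, INSERT, UPDATE, DELETE ON orders_db.* TO 'orders_rw'@'%';

-- Read-only account for a consumer that never writes.
CREATE USER 'orders_ro'@'%' IDENTIFIED BY '<strong-password-2>';
GRANT SELECT ON orders_db.* TO 'orders_ro'@'%';

-- Table-level grant (fine-grained control in master mode):
-- a reporting account that may query a single table and nothing else.
CREATE TABLE billing_db.invoices (
    id     INT PRIMARY KEY,
    amount DECIMAL(10,2) NOT NULL
);
CREATE USER 'report_ro'@'%' IDENTIFIED BY '<strong-password-3>';
GRANT SELECT ON billing_db.invoices TO 'report_ro'@'%';

-- Review what each account can actually do before handing out credentials.
SHOW GRANTS FOR 'orders_rw'@'%';
SHOW GRANTS FOR 'orders_ro'@'%';
SHOW GRANTS FOR 'report_ro'@'%';

-- Password rotation: the initial account cannot change the password of an
-- additional account, so the account is dropped and recreated with the
-- same grants and a new password.
DROP USER 'orders_ro'@'%';
CREATE USER 'orders_ro'@'%' IDENTIFIED BY '<new-strong-password>';
GRANT SELECT ON orders_db.* TO 'orders_ro'@'%';
SHOW GRANTS FOR 'orders_ro'@'%';
```

Because rotation drops the account, keep the GRANT statements for each account under version control so the recreated account receives exactly the same privileges.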

Procedure
