All Products
Search

This Product

    ApsaraDB RDS:System accounts

    Document Center

    ApsaraDB RDS:System accounts

    Last Updated:Mar 08, 2024

    This topic describes the system accounts that are provided by ApsaraDB RDS for SQL Server to help you complete various operations. In most cases, you do not need to manage the permissions and authorized operations of the system accounts.

    Account

    Description

    <Hostname>\Administrator

    The account that is used to locally manage an ApsaraDB RDS for SQL Server instance. For example, you can use this account to reconfigure the parameters that are related to the minor engine version and query the status of the RDS instance.

    • aurora

    • rds_service

    The accounts that are used to remotely manage an RDS instance. If the RDS instance is faulty, you can provide these accounts to an Alibaba Cloud engineer. The engineer can use the accounts to log on to and manage the RDS instance. For example, the engineer can perform a primary/secondary switchover and monitor the RDS instance.

    • sqlsa

    • sa

    The default accounts that are provided with SQL Server. These accounts are disabled to prevent security risks.

    • rds_ha_sec_user

    • rds_ag_sec_user

    The accounts that are used to replicate data from a primary RDS instance to its secondary RDS instance. These accounts are available in RDS High-availability Edition and RDS Cluster Edition.

    rdsdt_dtsacct

    The account that is automatically generated when you create a task to migrate or synchronize data of an RDS instance by using Data Transmission Service (DTS). The username of the account is rdsdt_dtsacct. For more information, see What is DTS? The account has the permissions of a system admin account to enable DTS to obtain all data of the RDS instance, such as the binary log files. This ensures data integrity and consistency during data migration and synchronization. For more information, see Data migration and synchronization.

    • Account position and purpose: The account can be created only on the RDS instance from which you want to migrate or synchronize data. The account is used for data transmission by using DTS.

    • Limits on account management: Do not delete the account or change the password of the account when a data migration or synchronization task is running. If you delete the account or change the password of the account, the task fails. After the task is complete, you can delete the account for security purposes.

    • Impacts on SLA and other aspects: The stability, security, service-level agreement (SLA), and performance of the RDS instance are not affected during account creation.

    • Account visibility: The account is not displayed in the ApsaraDB RDS console. You can use SQL statements to query or delete the account after you connect to an RDS instance. Multiple connection methods are supported.