ApsaraDB for RDS implements multi-dimensional access control to ensure data security.

You can create database accounts by using one of the following methods:

  • Create a standard database account in the ApsaraDB for RDS console or by calling an API operation. Then, grant read-only, read/write, DDL, or DML permissions on different databases to the account. For more information, see Create an account for an ApsaraDB RDS for MySQL instance.
  • If you want to implement access control at a fine-grained level, such as for tables, views, and fields, create a privileged account in the ApsaraDB for RDS console or by calling an API operation. Then, log on to a database to create standard accounts. The privileged account can grant fine-grained permissions to the standard accounts. For more information, see Authorize accounts to manage tables, views, and fields.
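
The second method, sketched as an added example for an ApsaraDB RDS for MySQL instance (not code from the original page). The database, table, view, column, and account names are hypothetical, the passwords are placeholders, and the objects are assumed to exist already.

```sql
-- Run while logged on to the database as the privileged account.
-- Hypothetical names: app_db, orders, customers, v_order_summary,
-- report_ro, support_rw. Replace the placeholder passwords.

-- Standard accounts created from inside the database.
CREATE USER 'report_ro'@'%'  IDENTIFIED BY '<placeholder-password-1>';
CREATE USER 'support_rw'@'%' IDENTIFIED BY '<placeholder-password-2>';

-- Table level: read-only access to one table, not the whole database.
GRANT SELECT ON app_db.orders TO 'report_ro'@'%';

-- View level: the account reads the view without any privilege
-- on the base tables the view is built from.
GRANT SELECT ON app_db.v_order_summary TO 'report_ro'@'%';

-- Field (column) level: the account can read three columns of
-- customers and change only the status column.
GRANT SELECT (id, email, status), UPDATE (status)
    ON app_db.customers TO 'support_rw'@'%';

-- Review what each standard account ended up with.
SHOW GRANTS FOR 'report_ro'@'%';
SHOW GRANTS FOR 'support_rw'@'%';

-- Column-level grants are also listed in information_schema,
-- which is convenient for periodic permission audits.
SELECT grantee, table_name, column_name, privilege_type
FROM information_schema.column_privileges
WHERE table_schema = 'app_db'
ORDER BY grantee, table_name, column_name;
```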

Whitelists

ApsaraDB for RDS supports whitelists for access control to ensure network security.

By default, RDS instances block access from all IP addresses: the default IP address whitelist contains only 127.0.0.1. You can configure a whitelist on the Data Security page in the ApsaraDB for RDS console or by calling an API operation. Updating a whitelist does not require a restart of the RDS instance and does not affect your business.