All Products
Document Center

Access control

Last Updated: Feb 10, 2018

Database account

After you create an instance, it has no initial database account.

You can create a database account in either of the following ways:

  • Create a common account on the console or by using APIs, and set database-level read/write permissions.

  • If you need more fine-grained access control, such as table-, view-, and field-level permissions, you can create a master account on the console or by using APIs and use a database client and the master account to create a common account. A master account can set table-level read/write permissions for a common account.

    Note: Common accounts created by a master account cannot be managed on the console or by using APIs.

IP address whitelist

RDS does not have the security group feature of ECS, but provides the IP address whitelist feature to implement access control for network security.

By default, the IP address whitelist contains only, which means no IP address can access the RDS instance. You can add IP addresses through the Data Security module on the console or by using APIs. Updating the IP address whitelist does not require a restart and therefore does not affect the instance running.

You can create multiple IP address groups in the IP address whitelist, and each group can contain up to 1,000 IP addresses or IP address segments.