This topic describes how to manage account groups in the Data Management Service (DMS) console.
The required permissions are obtained. You have logged on to the DMS console.
Account groups are introduced to enhance the security of databases. This feature prevents staff from directly accessing database account and password information and makes it easy to maintain database security when a staff member leaves. It brings the following benefits:
- Account groups allow you to maintain logon information by database type. After you create an account group that contains the logon information of a database type and add User A to this account group, User A can log on to this type of database without the need to enter the username and password.
- This feature effectively enhances the database security because users do not need to know the database logon information. If the database logon information changes, the DMS administrator only needs to modify the logon information for the target account group without notifying users.
- You can create multiple account groups for different users to access the same type of database or the same database instance.
Create an account group.
In the left-side navigation pane, choose Account Authorization and Management > Database Account Groups. On the page that appears, click Create Account Group. In the Add Account Group dialog box that appears, set parameters including the database type, account group name, logon user, and logon password.
The created account group appears in the account group list.
Add a user to the account group.
- When you add a user, the user authorization dialog box appears. Click Add Authorized Instance to specify the database instance to which the user can log on.
- Below the list of authorized databases instances, select an account group for each instance.
If you have not created any account groups, users can only manually enter the username and password to log on to a database instance. This is the default logon method.
Log on to a database by using the account group.
Log on to the DMS console as the authorized user. On the Databases page or RDS Database Logon page, click Log On to log on to the target database. You do not need to enter the username and password.
If your logon fails, contact the relevant administrator to update the logon information of the specified account group.
If your logon succeeds, you can perform database operations with granted permissions.