Create database accounts - User Guide| Alibaba Cloud Documentation Center

Create database accounts

Edit in GitHub

Last Updated: Apr 09, 2020 Edit in GitHub

This topic describes how to create a database account and the difference between a privileged account and a standard account.

PolarDB MySQL supports two types of database account: privileged account and standard account. You can manage all accounts in the console.

Note In PolarDB, you cannot create a root account because of security reasons.


Account type	Description
Privileged account	You can only create and manage privileged accounts in the console. You can create only one privileged account for each cluster. You can use the privileged account to manage all standard accounts and databases. A privileged account has more permissions, which allows fine-grained and granular control over user permissions. For example, you can grant different users specific permissions for table query. A privileged account has all permissions on all databases in the cluster. You can use a privileged account to disconnect any account from the database.
Standard account	You can create and manage standard accounts in the console or by using SQL statements. You can create multiple standard accounts for each cluster. The maximum number of standard accounts that you can create depends on the database engine. You need to manually grant specific database permissions to standard accounts. You cannot use a standard account to create or manage other accounts, nor disconnect other accounts from databases.

Create a privileged account

Log on to the ApsaraDB for PolarDB console.
Find the target cluster and click the cluster ID.
In the left-side navigation pane, click Accounts.
Click Create Account.

In the dialog box that appears, configure the following parameters:


Parameter	Description
Account Name	Enter an account name. The account name must follow these rules: It must start with a lowercase letter and end with a letter or digit. It can contain lowercase letters, digits, and underscores (_). It must be 2 to 16 characters in length. It cannot be system reserved usernames, such as root and admin.
Account Type	Select Privileged Account. Note If you have already created a privileged account, you cannot select Privileged Account. You can create only one privileged account for each cluster.
Password	Enter an account password. The password must follow these rules: It must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters. It must be 8 to 32 characters in length. It can contain any of the following special characters: !@#$%^&*()_+-=
Confirm Password	Enter the password again.
Description	Enter related information about the account for the convenience of later account management. The description must follow these rules: It cannot start with http:// or https://. It must start with a letter. It can contain letters, digits, underscores (_), and hyphens (-). It must be 2 to 256 characters in length.

Create a standard account

Log on to the ApsaraDB for PolarDB console.
Find the target cluster and click the cluster ID.
In the left-side navigation pane, click Accounts.
Click Create Account.

In the dialog box that appears, configure the following parameters:


Parameter	Description
Account Name	Enter an account name. The account name must follow these rules: It must start with a lowercase letter and end with a letter or digit. It can contain lowercase letters, digits, and underscores (_). It must be 2 to 16 characters in length. It cannot be system reserved usernames, such as root and admin.
Account Type	Select Standard Account.
Databases	You can grant permissions on one or multiple databases to the account. You do not have to configure this parameter. You can perform the authorization after the account is created. Select one or multiple databases from the left-side box, and click the right arrow to add them to the right-side box. In the right-side box, select Read&Write, ReadOnly, or DMLOnly.
Password	Enter an account password. The password must follow these rules: It must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters. It must be 8 to 32 characters in length. It can contain any of the following special characters: !@#$%^&*()_+-=
Confirm Password	Enter the password again.
Description	Enter related information about the account for the convenience of later account management. The description must follow these rules: It cannot start with http:// or https://. It must start with a letter. It can contain letters, digits, underscores (_), and hyphens (-). It must be 2 to 256 characters in length.

Click OK.

Reset permissions of a privileged account

If there is a problem with the privileged account, for example, permissions have been unexpectedly revoked, you can reset the permissions of the privileged account. You need to enter the password of the privileged account to restore the permissions.

Log on to the ApsaraDB for PolarDB console.
Find the target cluster and click the cluster ID.
In the left-side navigation pane, click Accounts.
Click Reset Permissions to the right of Privileged Account.
In the dialog box that appears, enter the password of the privileged account to reset permissions.

Next step

View endpoints

Related API operations


API operation	Description
CreateAccount	Creates a database account for a specified PolarDB cluster.
DescribeAccounts	Queries the database accounts of a specified PolarDB cluster.
ModifyAccountDescription	Modifies the description of a database account for a specified PolarDB cluster.
ModifyAccountPassword	Changes the password of a database account for a specified PolarDB cluster.
GrantAccountPrivilege	Grants access permissions on one or more databases in a specified PolarDB cluster to a database account.
RevokeAccountPrivilege	Revokes access permissions on one or more databases from a database account for a specified PolarDB cluster.
ResetAccount	Resets the permissions of a database account for a specified PolarDB cluster.