This topic describes how to create a database account and the difference between a privileged account and a standard account.

PolarDB MySQL supports two types of database account: privileged account and standard account. You can manage all accounts in the console.

Note In PolarDB, you cannot create a root account because of security reasons.
Account type Description
Privileged account
  • You can only create and manage privileged accounts in the console.
  • You can create only one privileged account for each cluster. You can use the privileged account to manage all standard accounts and databases.
  • A privileged account has more permissions, which allows fine-grained and granular control over user permissions. For example, you can grant different users specific permissions for table query.
  • A privileged account has all permissions on all databases in the cluster.
  • You can use a privileged account to disconnect any account from the database.
Standard account
  • You can create and manage standard accounts in the console or by using SQL statements.
  • You can create multiple standard accounts for each cluster. The maximum number of standard accounts that you can create depends on the database engine.
  • You need to manually grant specific database permissions to standard accounts.
  • You cannot use a standard account to create or manage other accounts, nor disconnect other accounts from databases.

Create a privileged account

  1. Log on to the ApsaraDB for PolarDB console.
  2. Find the target cluster and click the cluster ID.
  3. In the left-side navigation pane, click Accounts.
  4. Click Create Account.
  5. In the dialog box that appears, configure the following parameters:
    Parameter Description
    Account Name

    Enter an account name. The account name must follow these rules:

    • It must start with a lowercase letter and end with a letter or digit.
    • It can contain lowercase letters, digits, and underscores (_).
    • It must be 2 to 16 characters in length.
    • It cannot be system reserved usernames, such as root and admin.
    Account Type Select Privileged Account.
    Note If you have already created a privileged account, you cannot select Privileged Account. You can create only one privileged account for each cluster.
    Password Enter an account password. The password must follow these rules:
    • It must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
    • It must be 8 to 32 characters in length.
    • It can contain any of the following special characters: !@#$%^&*()_+-=
    Confirm Password Enter the password again.
    Description Enter related information about the account for the convenience of later account management. The description must follow these rules:
    • It cannot start with http:// or https://.
    • It must start with a letter.
    • It can contain letters, digits, underscores (_), and hyphens (-).
    • It must be 2 to 256 characters in length.

Create a standard account

  1. Log on to the ApsaraDB for PolarDB console.
  2. Find the target cluster and click the cluster ID.
  3. In the left-side navigation pane, click Accounts.
  4. Click Create Account.
  5. In the dialog box that appears, configure the following parameters:
    Parameter Description
    Account Name Enter an account name. The account name must follow these rules:
    • It must start with a lowercase letter and end with a letter or digit.
    • It can contain lowercase letters, digits, and underscores (_).
    • It must be 2 to 16 characters in length.
    • It cannot be system reserved usernames, such as root and admin.
    Account Type Select Standard Account.
    Databases You can grant permissions on one or multiple databases to the account. You do not have to configure this parameter. You can perform the authorization after the account is created.
    1. Select one or multiple databases from the left-side box, and click the right arrow to add them to the right-side box.
    2. In the right-side box, select Read&Write, ReadOnly, or DMLOnly.
    Password Enter an account password. The password must follow these rules:
    • It must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
    • It must be 8 to 32 characters in length.
    • It can contain any of the following special characters: !@#$%^&*()_+-=
    Confirm Password Enter the password again.
    Description Enter related information about the account for the convenience of later account management. The description must follow these rules:
    • It cannot start with http:// or https://.
    • It must start with a letter.
    • It can contain letters, digits, underscores (_), and hyphens (-).
    • It must be 2 to 256 characters in length.
  6. Click OK.

Reset permissions of a privileged account

If there is a problem with the privileged account, for example, permissions have been unexpectedly revoked, you can reset the permissions of the privileged account. You need to enter the password of the privileged account to restore the permissions.
  1. Log on to the ApsaraDB for PolarDB console.
  2. Find the target cluster and click the cluster ID.
  3. In the left-side navigation pane, click Accounts.
  4. Click Reset Permissions to the right of Privileged Account.
  5. In the dialog box that appears, enter the password of the privileged account to reset permissions.

Next step

View endpoints

Related API operations

API operation Description
CreateAccount Creates a database account for a specified PolarDB cluster.
DescribeAccounts Queries the database accounts of a specified PolarDB cluster.
ModifyAccountDescription Modifies the description of a database account for a specified PolarDB cluster.
ModifyAccountPassword Changes the password of a database account for a specified PolarDB cluster.
GrantAccountPrivilege Grants access permissions on one or more databases in a specified PolarDB cluster to a database account.
RevokeAccountPrivilege Revokes access permissions on one or more databases from a database account for a specified PolarDB cluster.
ResetAccount Resets the permissions of a database account for a specified PolarDB cluster.