This topic describes how to create ApsaraDB PolarDB MySQL-compatible edition accounts and explains the differences between privileged accounts and standard accounts.

Background information

You can create and manage privileged accounts and standard accounts in the PolarDB console.

Note To avoid security risks, PolarDB does not provide root accounts.
Account type Description
Privileged Account
  • You can use only the console to create and manage privileged accounts.
  • You can create only one privileged account for each cluster. A privileged account can manage all the standard accounts and databases in the corresponding cluster.
  • A privileged account has more permissions than before. This allows you to implement fine-grained control over user permissions based on your business requirements. For example, you can grant different users the permissions to query different tables.
  • A privileged account has all the permissions on the databases in the corresponding cluster.
  • You can use a privileged account to disconnect accounts from the databases in the corresponding cluster.
Standard Account
  • You can use the console or execute SQL statements to create and manage standard accounts.
  • You can create multiple standard accounts for each cluster. The maximum number of standard accounts that you can create depends on the database engine.
  • You must manually grant standard accounts the specific database permissions.
  • You cannot use standard accounts to create, manage, or disconnect other accounts from databases.

Create a privileged account

  1. Log on to the PolarDB console.
  2. In the upper-left corner of the console, select the region where the cluster is deployed.
  3. Find the cluster and click the cluster ID.
  4. In the left-side navigation pane, choose Settings and Management > Accounts.
  5. On the page that appears, click Create Account.
  6. In the Create Account panel, configure the following parameters.
    Parameter Description
    Account Name

    Specify an account name. The account name must meet the following requirements:

    • It must start with a lowercase letter and end with a letter or a digit.
    • It can contain lowercase letters, digits, and underscores (_).
    • It must be 2 to 16 characters in length.
    • It cannot be a system reserved username, such as root or admin.
    Account Type Specify the type of the account. Select Privileged Account.
    Note If you have already created a privileged account, you cannot select Privileged Account. You can create only one privileged account for each cluster.
    Password Enter an account password. The password must meet the following requirements:
    • It must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
    • It must be 8 to 32 characters in length.
    • It can contain the following special characters:

      !@#$%^&*()_+-=
    Confirm Password Enter the account password again.
    Description Enter the information about the account to facilitate subsequent account management. The description must meet the following requirements:
    • It cannot start with http:// or https://.
    • It must be 2 to 256 characters in length.
  7. Click OK.

Create a standard account

  1. Log on to the PolarDB console.
  2. In the upper-left corner of the console, select the region where the cluster is deployed.
  3. Find the cluster and click the cluster ID.
  4. In the left-side navigation pane, choose Settings and Management > Accounts.
  5. On the page that appears, click Create Account.
  6. In the Create Account panel, configure the following parameters.
    Parameter Description
    Account Name

    Specify an account name. The account name must meet the following requirements:

    • It must start with a lowercase letter and end with a letter or a digit.
    • It can contain lowercase letters, digits, and underscores (_).
    • It must be 2 to 16 characters in length.
    • It cannot be a system reserved username, such as root or admin.
    Account Type Specify the type of the account. Select Standard Account.
    Databases Select the authorized databases for the account. You can leave this parameter empty. You can grant the account the database permissions after the account is created.
    1. Select one or more databases from the Databases Not Assigned list and click the icon icon. Then, the selected databases are added to the Assigned Databases list.
    2. In the Assigned Databases list, specify the permissions on the selected databases. To specify the permissions, select one of the following options: Read&Write, ReadOnly, DMLOnly, DDLOnly, and ReadOnly&Index.
    Note If you need to customize the permissions or grant the account specific table permissions, click Customize Permissions below the Databases Not Assigned list. On the page that appears, you can use the permission management feature of Database Management Service (DMS) to manage the account permissions. For more information, see Manage user permissions on MySQL databases.
    Password Enter an account password. The password must meet the following requirements:
    • It must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
    • It must be 8 to 32 characters in length.
    • It can contain the following special characters:

      !@#$%^&*()_+-=
    Confirm Password Enter the account password again.
    Description Enter the information about the account to facilitate subsequent account management. The description must meet the following requirements:
    • It cannot start with http:// or https://.
    • It must be 2 to 256 characters in length.
  7. Click OK.

Reset the permissions of a privileged account

If the permissions of a privileged account are accidentally revoked or encounter other exceptions, you can reset the permissions to restore the privileged account to the initial state. To reset the permissions of the account, perform the following steps:

  1. Log on to the PolarDB console.
  2. In the upper-left corner of the console, select the region where the cluster is deployed.
  3. Find the cluster and click the cluster ID.
  4. In the left-side navigation pane, choose Settings and Management > Accounts.
  5. On the page that appears, find the privileged account that you want to manage. In the Actions column for the privileged account, click Reset Permissions
  6. In the dialog box that appears, enter the password of the privileged account. Then, click OK to reset the permissions of the account.

What to do next

View or apply for an endpoint

Related API operations

API Description
CreateAccount Creates a database account for a specified PolarDB cluster.
DescribeAccounts Queries the database accounts for a specified PolarDB cluster.
ModifyAccountDescription Changes the description of a database account for a specified PolarDB cluster.
ModifyAccountPassword Changes the password of a database account for a specified PolarDB cluster.
GrantAccountPrivilege Grants a specified standard account the permissions on one or more databases of a specified PolarDB cluster.
RevokeAccountPrivilege Revokes the permissions on one or more databases from a specified PolarDB standard account.
ResetAccount Resets the permissions of a privileged account for a specified PolarDB cluster.