This topic describes the information about the accounts of the PolarDB console and the PolarDB clusters.

Console accounts

You can use the following accounts to log on to the console:

  • Alibaba Cloud account: After you create an Alibaba Cloud account, all your Alibaba Cloud resources are managed under this account. All the charges of these resources are deducted from the Alibaba Cloud account. You must create an Alibaba Cloud account before you purchase Alibaba Cloud services.
  • RAM user: This account is optional. You can create and manage RAM users in the Resource Access Management (RAM) console so that you can share the resources of your Alibaba Cloud account to different users. RAM users do not own resources. The charges of the resources consumed by RAM users are billed to the Alibaba Cloud account.

Database cluster accounts

You can use the following accounts to log on to your database cluster. For more information, see Create database accounts.

Account type Description
Privileged account
  • You can only create and manage privileged accounts in the console.
  • You can create only one privileged account for each cluster. You can use the privileged account to manage all standard accounts and databases.
  • A privileged account has more permissions, which allows fine-grained and granular control over user permissions. For example, you can grant different users specific permissions for table query.
  • A privileged account has all permissions on all databases in the cluster.
  • You can use a privileged account to disconnect any account from the database.
Standard account
  • You can create and manage standard accounts in the console or by using SQL statements.
  • You can create multiple standard accounts for each cluster. The maximum number of standard accounts that you can create depends on the database engine.
  • You need to manually grant specific database permissions to standard accounts.
  • You cannot use a standard account to create or manage other accounts, nor disconnect other accounts from databases.

Related API operations

API Description
CreateAccount Creates a database account for a specified PolarDB cluster.
DescribeAccounts Queries the database accounts of a specified PolarDB cluster.
ModifyAccountDescription Changes the description of a database account for a specified PolarDB cluster.
ModifyAccountPassword Changes the password of a database account for a specified PolarDB cluster.
GrantAccountPrivilege Grants access permissions on one or more databases in a specified PolarDB cluster to a standard database account.
RevokeAccountPrivilege Revokes access permissions on one or more databases for a standard database account of a specified PolarDB cluster.
ResetAccount Resets the privileges of a privileged account for a specified PolarDB cluster.
DeleteAccount Deletes a database account for a specified PolarDB cluster.