This topic describes the Alibaba Cloud console accounts and the PolarDB database accounts.

Console accounts

You can use the following accounts to log on to the console:

  • Alibaba Cloud account: This type of account allows flexible control over all your Alibaba Cloud resources and is used for billing purposes. You must create an Alibaba Cloud account before you purchase Alibaba Cloud services.
  • RAM user. You can create and manage RAM users in the Resource Access Management (RAM) console to share resources among multiple users. RAM users do not own resources. The charges of the resources consumed by RAM users are billed to the corresponding Alibaba Cloud account.

Database accounts

You can use the following accounts to log on to databases in the cluster. For more information, see Create a database account.

Account type Description
Privileged Account
  • You can use only the console to create and manage privileged accounts.
  • You can create only one privileged account for each cluster. A privileged account can manage all the standard accounts and databases in the corresponding cluster.
  • A privileged account has more permissions than before. This allows you to implement fine-grained control over user permissions based on your business requirements. For example, you can grant different users the permissions to query different tables.
  • A privileged account has all the permissions on the databases in the corresponding cluster.
  • You can use a privileged account to disconnect accounts from the databases in the corresponding cluster.
Standard Account
  • You can use the console or execute SQL statements to create and manage standard accounts.
  • You can create multiple standard accounts for each cluster. The maximum number of standard accounts that you can create depends on the database engine.
  • You must manually grant standard accounts the specific database permissions.
  • You cannot use standard accounts to create, manage, or disconnect other accounts from databases.

Related operations

API Description
CreateAccount Creates an account.
DescribeAccounts Queries the accounts of the specified cluster.
ModifyAccountDescription Modifies the description of a database account for the specified PolarDB cluster.
ModifyAccountPassword Changes the password of a database account for the specified PolarDB cluster.
GrantAccountPrivilege Grants a specified standard account the permissions on one or more databases of the specified PolarDB cluster.
RevokeAccountPrivilege Revokes the permissions on one or more databases from the specified PolarDB standard account.
ResetAccount Resets the permissions of a privileged account for the specified PolarDB cluster.
DeleteAccount Deletes an account.